> My preferred solution would be to disable javascript altogether.
My preferred solution would be not to use web browsers at all, but our preferred solutions are much harder to make a case for than a simple security policy.
> This will only lead to organizations running IE7 (or whatever outdated IE version is most common now) forever.
In general, let's let them make that choice, but this could be configurable in the browser in the same way Javascript and cookie policy exceptions are handled.
My preferred solution would be not to use web browsers at all, but our preferred solutions are much harder to make a case for than a simple security policy.
> This will only lead to organizations running IE7 (or whatever outdated IE version is most common now) forever.
In general, let's let them make that choice, but this could be configurable in the browser in the same way Javascript and cookie policy exceptions are handled.