Hacker News new | comments | show | ask | jobs | submit login

This is already the case with Chrome. See http://superuser.com/questions/450893/how-to-install-a-priva... which details how unauthorized userscripts are made difficult to install.

Even better, try pasting

   javascript:alert('hi');
into the address bar.



Those changes were made for security, to make social engineering attacks more difficult. You can still type JS into the address bar, you just can't copy and paste it.


Further, you can copy and paste it into the console.


I can confirm that this was to close actively exploited security vulnerabilities. I was one of the first to file a "bug" on this attack vector. :)


this is probably a good thing more often then not, though.


Fascinating!




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: