Insecure link on "Using the Web Storage API" page #37592
Comments
sedererdj
added
the
needs triage
|
Thanks for reporting. I don't see anything wrong with the link, either with the content ("The pitfalls of using objects as maps in JavaScript") or with the site resources it loads. Could you explain why you think it should be removed? |
|
Hello, and thanks for quick reply. my problem is not with the content provided by the target link per se, but the fact that website at target link loads significant amount of javascript. currently i cannot provide more details, but i have a suspicion that the said website was used as mean of XSS (or maybe not), least of what i know is that the remote resource run eval() on externally loaded resources which caused my browser to complain. in any case, the content of the said page is not essential to the article that it is being pointed by, (i know it is style guideline recommendation, but it is misc content), and i think inline note at "Using the Web Storage API" about recommendation of using this API through getter/setter functions is enough without the need for an external link. |
|
I understand. I don't think we'll be removing it on those grounds, as it appears to be quite light on resources, you may want to check disabling / allowlisting JavaScript via some methods here if you're looking to avoid using too much data / bandwidth: https://support.mozilla.org/en-US/kb/javascript-settings-for-interactive-web-pages I'll close for now, thank you! |
MDN URL
https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API/Using_the_Web_Storage_API
What specific section or headline is this issue about?
misc 'Note' section below the 'basic concepts'
What information was incorrect, unhelpful, or incomplete?
the "pitfalls" hyperlink.
What did you expect to see?
removal of the said link, or cite another source.
Do you have any supporting links, references, or citations?
none
Do you have anything more you want to share?
the said hyperlink, currently pointing to "https://2ality.com/2012/01/objects-as-maps.html" will cause user to jump on a third party website that has sizeable amount of externally loaded scripts. the information provided by the hyperlink is not essential to the content at hand, and it will unnecessarily cause visitors to run a sizable amount of third party JS resources that could be insecure.
MDN metadata
Page report details
en-us/web/api/web_storage_api/using_the_web_storage_apiThe text was updated successfully, but these errors were encountered: