I think you asked for it.

To be fair, most of the recent traffic to my homenode was generated by you. It was not my intention to cause such controversy, and I dont think I would have on my own. Needless to say any humourous/educational aspect seems well and truly lost...the script is gone.

I appreciate the sober response - I too am not here for a "slagging match". Live and learn.

Howdy!

I'm unclear just what aspect of that was either humorous or educational. It seemed to be more like painting a hallway with Nitrogen Triiodide. People innocently "blunder" into the booby trap, and the effects of doing so are shared with way too many people who aren't in on the joke.

That the ChatterBox is frequently silly (or Scilly, even) and subject to small talk is irrelevant. At least when someone clicks a homenode button that produces some sort of silly message in the CB, the person had to take an affirmative step to cause it. Your "joke" was triggered merely by visiting your homenode -- a perfectly reasonable act for someone to take. It wasn't particularly funny, and the extra noise in the CB simply served to inflame the discussion further.

yours,
Michael

I find JavaScript very useful, and the only site that has casued me problems with it is PerlMonks.

You apparently have not been around the web very long, then. Back in the bad old days before capability policies (which, incidentally, some quite popular browsers have not yet bothered to implement), the stupid JS stunts a few people around here pull on their homenodes would have seemed as nothing; back then, Javascript used to be able to easily crash your browser and/or your operating system, and with a bit more effort it could be made to do much worse things than that. I surfed with Javascript disabled for years.

These days I generally surf with Javascript enabled, but limited by capability policies, but I still occasionally find myself having to turn it off to escape the rude effects of one site or another, and it is noteworthy that Perlmonks to date has not been one of the sites that has necessitated this; stupid stunts like automatically posting a message in the chatterbox are pointless and arguably rude, but they don't cause any tangible harm.

I don't normally surf with Javascript disabled, but that's mostly because I prefer not to go through life paranoid. I don't lock my house at night either. So far I haven't been seriously hurt by either policy, but it is certainly possible that at some point I *could* be. Taking that risk is a decision that I make after weighing the relative merits of safety and convenience against probabilities.

I tend to agree with tye that Perlmonks should be responsible and filter scripts out of all user-submitted content that isn't checked by hand by the site admins. But that will only protect you from being harmed by Javascript code here on Perlmonks; if you surf the rest of the web, with Javascript enabled, it won't protect you.

But that will only protect you from being harmed by Javascript code here on Perlmonks;

And that's all we're asking for. I watch what websites I go to, and it's generally a select few where I don't have to worry about anything happening, and those are generally well known and well traversed sites. Perlmonks is a well known and established site; it should be the same way, in my opinion.

    -Bryan

You might occasionally be surprised what well-known and well-traversed sites will do. A few years ago (circa late 2000 or early 2001) I ran into a situation where the website for the Cartoon Network was using Javascript to change browser preferences (in particular, the home page) and to prevent the user from leaving the site, the net effect being that even after a reboot, the only way to visit any other website was to disable Javascript. The computer where I ran into this was still using IE5 at the time, and users kept going to that site, and then I'd get called down to fix it again, so what I ended up doing was using a hosts file entry to redirect that site to 10.0.13.13 or somesuch. Of course, a modern web browser won't allow such schenanighans, and the site in question stopped doing it a few weeks later anyway, but my point is that it's not safe to assume all well-known and well-traversed sites are also well-written and innocuous.

Then there's the small matter of what the advertisers who buy ad space on well-known and well-traversed sites will do. If you trust doubleclick.net to run arbitrary scripts on your system, you're insane, IMO.