> >So > >is their an agenda or just many idiots who see TLS=security and don't > >see lack of secure cookie usage and XSS vulnerabilities (now protected > >by SSL everywhere) meaning a site is likely exploitable in other ways!! > > You guys should seriously check "Nirvana fallacy".
Nivana Fallacy, Complete nonsense, it is completely plausible to encourage better control of JS and encourage more responsible use and not even difficult for browsers to set up sites to replace the thousands of CAs which can't all be secure. If users don't know what they are doing then why do the browsers view SSL as more important than the situation that allows them to do so much damage simply by pasting scripts into their sites. Partly the reason is browser developers are also using js more than they should. Google use javascript themselves for tracking by the way. Google groups won't even load without javascript despite w3c guidelines saying javascript should not be required for site navigation. Sites are starting to create their own scroll bars. It is getting worse not better despite html5 promising and giving the potential of the opposite. -- KISSIS - Keep It Simple So It's Securable
