this post was submitted on 23 Jun 2025
35 points (92.7% liked)

Open Source

38174 readers
160 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
Cloak@lemmy.ml
kevincox@lemmy.ml
CrypticCoffee@lemmy.ml
Lettuceeatlettuce@lemmy.ml
35
Is there a way to block browser JavaScript from executing commands that retrieve sensitive information from my local machine, while still allowing JavaScript that is only used for rendering web pages? (lemmy.world)
submitted 13 hours ago by happeningtofry99158@lemmy.world to c/opensource@lemmy.ml
18 comments fedilink hide all child comments
 

cross-posted from: https://lemmy.world/post/31859998

Please see the cross-post as it is updated.

As a security-conscious user, I've used NoScript since Firefox's early days, but its restrictive nature has become frustrating. I'm often forced to go unprotected just to access websites with multiple scripts running on different domains, which defeats the purpose of using NoScript and balances security and usability that it once provided.

Is there a way to block browser JavaScript from executing commands that retrieve sensitive information from my local machine, while still allowing JavaScript that is only used for rendering web pages?

greatly appreciate any insight

cross-posted from: https://lemmy.world/post/31859998

Please see the cross-post as it is updated.

you are viewing a single comment's thread
view the rest of the comments
[–] copygirl@lemmy.blahaj.zone 3 points 12 hours ago (8 children)

What is meant by "sensitive information" here? Browsers can't just willy-nilly access your local files or something like that. The one thing I can think of is using JavaScript to collect information that can be used to identify you. (Is that "sensitive"? I'd put that in "identifying information".) My honest suggestion is to keep using NoScript and just allow as few domains as possible. The next best option is to stop using websites that break without JavaScript when there's no reason why they'd need it.

I can imagine there being a plugin that spoofs some common ways that allow sites to identify you cross-sessions / browser / websites without your consent, but blocking JavaScript (by default) is likely one of the best ways to reduce the amount of information collected about you. When you do find such a plugin, check out one of the "browser fingerprint" testing sites to see how unique your fingerprint is.

(That is, if I even understood the request properly in regards to the "sensitive information" bit.)

[–] happeningtofry99158@lemmy.world 2 points 12 hours ago (7 children)

by sensitive information I'm referring to

  • local machine time
  • local machine ram
  • local machine operating system + version
  • local machine hardware
  • Serial Number
  • Hardware ID
  • UUID
  • Windows Device ID
  • Windows Product ID
  • ...

Can I prevent javascript from running specific command that retrieve these information?

I found chameleon which spoof local machine operating system + version and browser information. But I'm not sure about other information

[–] copygirl@lemmy.blahaj.zone 2 points 12 hours ago (4 children)

Can you link to a source that confirms this information can be collected with JavaScript (with browser comparison, ideally)? That seems outrageous if it was actually possible.

load more comments (2 replies)
load more comments (4 replies)
load more comments (4 replies)