←back to thread

I can see your local web servers

(http.jameshfisher.com)
652 points jamesfisher | 9 comments | 28 May 19 07:57 UTC | HN request time: 0.498s | source | bottom
Show context
jsgyx ◴[28 May 19 08:44 UTC] No.20028318[source]
I use NoScript, you can't see shit.
replies(3): >>20028357 #>>20028408 #>>20028429 #
1. julienreszka ◴[28 May 19 08:53 UTC] No.20028357[source]
You can't see shit neither
replies(3): >>20028366 #>>20028456 #>>20029152 #
2. vbsteven ◴[28 May 19 08:55 UTC] No.20028366[source]
yes, he can, he will see the modern equivalent of "This site is best viewed in Internet Explorer". Which in 2019 becomes "Please enable Javascript to view this page"
replies(1): >>20028471 #
3. alfiedotwtf ◴[28 May 19 09:16 UTC] No.20028456[source]
That was actually funny
4. larkeith ◴[28 May 19 09:20 UTC] No.20028471[source]
Honestly, such notices are shockingly unusual - most of the time (at least for the sites I encounter) they don't bother with <noscript>, you just get a broken and/or blank page.

I mostly use the web for reading blogs and articles, so the loss of dynamic sites isn't troublesome, but it's certainly not for most users.

(Edit: Some numerical context I have enabled Javascript for 194 sites over the last five years, whereas I encounter several new sites daily.)

replies(1): >>20028536 #
5. vbsteven ◴[28 May 19 09:38 UTC] No.20028536{3}[source]
I also browse with noscript all the time and I get them quite often. Mostly on product landing pages and Show HN demos.
replies(1): >>20031256 #
6. icebraining ◴[28 May 19 11:51 UTC] No.20029152[source]
Actually, they can: even if you enable JS, NoScript's ABE will prevent this attack: https://en.wikipedia.org/wiki/NoScript#Application_Boundarie...
replies(1): >>20032702 #
7. larkeith ◴[28 May 19 15:43 UTC] No.20031256{4}[source]
Hmm, I wonder if it's confirmation bias on my end, or just a difference in what pages we each view.
replies(1): >>20034012 #
8. mrob ◴[28 May 19 18:04 UTC] No.20032702[source]
Not anymore. It's not included in modern versions (after the changes in Add-Ons for Firefox's Quantum update).
9. npsimons ◴[28 May 19 20:23 UTC] No.20034012{5}[source]
> Hmm, I wonder if it's confirmation bias on my end, or just a difference in what pages we each view.

Yes.

Joking aside, I will add that I've been a NoScript/FlashBlock user for quite some time (more than a decade? I honestly can't remember), and while I run into some things that are frustrating (just had to disable NoScript for a tab to order plane tickets), it is refreshingly uncommon.

Yes, you can browse with default deny to JS and Flash.