An ability to disable JavaScript entirely, an API blacklist to limit functionality, and an ability to configure specific privileges and safe locations can be used to define under which circumstances JavaScript …

To reduce this risk, applications should have any in-built security functionality enabled and appropriately configured along with unrequired functionality disabled.

In this paper, we will discuss how to think about defining an appropriate set of blocks for an application and audience. We’ll focus on blocks that Blockly supports and use existing apps built...

Microsoft introduced Attack Surface Reduction (ASR) as part of Windows defender exploit guard. ASR is composed of a set of configurable rules such as: "Block Office applications from creating child …

Examples of active content are Portable Document Format (PDF) documents, Web pages containing Java applets, JavaScript instructions, or ActiveX controls, word processor files containing macros, …

Some of these add-ons and plug-ins use the browser's JavaScript engine to execute JavaScript code. For example, Adobe ash animation can use JavaScript code that will be executed on the browser, or …

In this section, we discuss some misconceptions about current reliance on JavaScript, the viability of JavaScript blocking, and incentives for website owners for making their websites usable without …