Hacker News new | past | comments | ask | show | jobs | submit login

Is there a good way of preventing unauthorized javascript injections? Some type of onReady cleanup script that can identify what is supposed to be there and then strip out everything else?



HTTPS


Sadly, not completely. A surprising nonzero number of users have isps that insist on using their own root cert to inject this nonsense.


Or just local antivirus. There is a shocking amount of user level firewalls that break the web really badly.


Why would a standard browser trust that certificate?


It's installed by the ISP's setup program which they tell everyone is mandatory (otherwise they won't get the adware kickbacks) and the techs are discouraged from skipping.


How often that does even happen? Many people just get a router (w/modem) in the mail which they just connect to with their devices. No software is being installed.


100% of Comcast and Verizon installs in my experience. RCN offered but wasn't pushy and they seem to have stopped.


facepalm


Not really. That stops an ISP, but local malware, antivirus, etc can be browser extensions.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: