2 replies to this topic

[Nocturnion]

Ads require running 3rd party javascript code, which can be risky; sometimes hackers even spread their attacks through ad networks. Fortunately html5 added a new 'sandbox' attribute to iframes to increase security. It is supported in modern browsers and should have no effect on older browsers.
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#attr-sandbox
The sandbox will prevent any javascript in the ads from accessing or modifying the rest of the webpage. One nice effect of this: ads won't be able to open popup windows anymore.

If you're interested, I think you can easily add this to batoto. What you want is probably:

<iframe src="...ad url..." sandbox="allow-scripts"></iframe>

or if you need to include the html code for the ad directly:

<iframe srcdoc="...html code for ad here..." sandbox="allow-scripts"></iframe>

That's it. You may want to check the documentation for the ad networks to see if this sandboxing would interfere with the ads at all, but I doubt it would.

 

Personally, I don't directly block ads, but I do block javascript by default (with NoScript). I want to run ads to support batoto, but I won't run any untrusted 3rd party javascript without restrictions.
 

Edited by Nocturnion, 02 March 2014 - 05:35 PM.

[Grumpy]

I really wish sandboxing worked. But it doesn't. The ads fail to work then. This is something I already tested before.

[Gnah]

Personally, I don't directly block ads, but I do block javascript by default (with NoScript). I want to run ads to support batoto, but I won't run any untrusted 3rd party javascript without restrictions.
 

You know, if you really want to support them and not feel bad about blocking ads (btw I also run NoScript blocking all things java by default) then you might want to have a look at the add-removal subscriptions.