MozillaZine

Javascript.allow.mailnews

From MozillaZine Knowledge Base

The title given to this article is incorrect due to technical limitations. The correct title is javascript.allow.mailnews.

This article describes the preference javascript.allow.mailnews. To add, delete, or modify this preference, you will need to edit your configuration — do not edit this article.


NOTE! In Thunderbird3/SeaMonkey2 this pref has been removed and has no effect. There is no way to enable JavaScript in mail messages anymore, however, for news feeds JavaScript is enabled.


Contents

[edit]

Background

Newsgroup messages and e-mail can be in HTML format and HTML can include JavaScript, so e-mail messages can include executable code. This preference controls whether to allow JavaScript in newsgroup messages and e-mails to execute.

[edit]

Possible values and their effects

[edit]

True

JavaScript in newsgroup messages and e-mails can execute.

[edit]

False

JavaScript in newsgroup messages and e-mails cannot execute. (Default)

[edit]

UI

[edit]

Mozilla Suite

A checkbox labeled “Mail & Newsgroups” is located under “Edit → Preferences → Advanced → Scripts & Plug-ins → Enable JavaScript for”.

[edit]

Recommended settings

While Mozilla products are secure, JavaScript in e-mails is a common attack vector and is rarely used legitimitely. It is recommended that this value be left at false unless there are compelling reasons not to.

[edit]

First checked in

2000-01-08 by Norris Boyd.

[edit]

Has an effect in

  • Mozilla Suite (all versions since M13)
  • Thunderbird (all versions, TB 3.0 before 2009-02-17)
  • SeaMonkey (all versions, SM 2.0 before 2009-02-17)
[edit]

Related bugs

  • Bug 13023 - [Feature] Users must be able to disable Java and JavaScript
  • Bug 248280 - pref "javascript.allow.mailnews" is obsolete and should be removed
  • Bug 453928 - Reevaluate MailNews use of CAPS
[edit]

Related preferences

Retrieved from "http://kb.mozillazine.org/Javascript.allow.mailnews"