Javascript.allow.mailnews

From MozillaZine Knowledge Base
Jump to navigationJump to search


NOTE! In Thunderbird3/SeaMonkey2 this pref has been removed and has no effect. There is no way to enable JavaScript in mail messages anymore, however, for news feeds JavaScript is enabled.


Background

Newsgroup messages and e-mail can be in HTML format and HTML can include JavaScript, so e-mail messages can include executable code. This preference controls whether to allow JavaScript in newsgroup messages and e-mails to execute.

Possible values and their effects

True

JavaScript in newsgroup messages and e-mails can execute.

False

JavaScript in newsgroup messages and e-mails cannot execute. (Default)

UI

Mozilla Suite

A checkbox labeled “Mail & Newsgroups” is located under “Edit → Preferences → Advanced → Scripts & Plug-ins → Enable JavaScript for”.

Recommended settings

While Mozilla products are secure, JavaScript in e-mails is a common attack vector and is rarely used legitimitely. It is recommended that this value be left at false unless there are compelling reasons not to.

First checked in

2000-01-08 by Norris Boyd.

Has an effect in

  • Mozilla Suite (all versions since M13)
  • Thunderbird (all versions, TB 3.0 before 2009-02-17)
  • SeaMonkey (all versions, SM 2.0 before 2009-02-17)

Related bugs

  • Bug 13023 - [Feature] Users must be able to disable Java and JavaScript
  • Bug 248280 - pref "javascript.allow.mailnews" is obsolete and should be removed
  • Bug 453928 - Reevaluate MailNews use of CAPS

Related preferences