Javascript.allow.mailnews
NOTE! In Thunderbird3/SeaMonkey2 this pref has been removed and has no effect. There is no way to enable JavaScript in mail messages anymore, however, for news feeds JavaScript is enabled.
Contents
Background
Newsgroup messages and e-mail can be in HTML format and HTML can include JavaScript, so e-mail messages can include executable code. This preference controls whether to allow JavaScript in newsgroup messages and e-mails to execute.
Possible values and their effects
True
JavaScript in newsgroup messages and e-mails can execute.
False
JavaScript in newsgroup messages and e-mails cannot execute. (Default)
UI
Mozilla Suite
A checkbox labeled “Mail & Newsgroups” is located under “Edit → Preferences → Advanced → Scripts & Plug-ins → Enable JavaScript for”.
Recommended settings
While Mozilla products are secure, JavaScript in e-mails is a common attack vector and is rarely used legitimitely. It is recommended that this value be left at false unless there are compelling reasons not to.
First checked in
Has an effect in
- Mozilla Suite (all versions since M13)
- Thunderbird (all versions, TB 3.0 before 2009-02-17)
- SeaMonkey (all versions, SM 2.0 before 2009-02-17)
Related bugs
- Bug 13023 - [Feature] Users must be able to disable Java and JavaScript
- Bug 248280 - pref "javascript.allow.mailnews" is obsolete and should be removed
- Bug 453928 - Reevaluate MailNews use of CAPS
