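I suggest the development team take a look at Firefox's NoScript extension. It's open source, so there's no reason not to make use of it.
URL: http://noscript.net/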
The NoScript Firefox extension provides extra protection for Firefox, Flock, Seamonkey and other Mozilla-based browsers: this free, open source add-on allows JavaScript, Java, Flash and other plugins to be executed only by trusted web sites of your choice (e.g. your online bank), and provides the most powerful Anti-XSS protection available in a browser.
NoScript's unique whitelist based pre-emptive script blocking approach prevents exploitation of security vulnerabilities (known and even not known yet!) with no loss of functionality...
You can enable JavaScript, Java and plugin execution for sites you trust with a simple left-click on the NoScript status bar icon (look at the picture), or using the contextual menu, for easier operation in popup statusbar-less windows. Watch the "Using NoScript" video kindly contributed by John Wilkerson. Staying safe has never been so easy!
Experts will agree: Firefox is really safer with NoScript!