[madsr]

And this is why we use Firefox with NoScript on unknown sites :-)

[mike-cardwell]

RequestPolicy also protects against this by asking the user for confirmation before visiting any new domain unless the request was initiated by the user. In this case, RequestPolicy would detect that the request for a URL on a new domain was generated by JavaScript.

So even if you enable JavaScript on a site, RequestPolicy is a good second line of defence.

[ygra]

I wouldn't count Google as unknown ;-)

[madsr]

Google isn't, but the page providing the link (frameloss.org) is unknown (to me).