[dkokelley]

I have JavaScript disabled by default, so when I see something like that, I assume some style element relies on JavaScript to run correctly. I usually put up with it for the feeling of security I get, but if it is designed to do that I can't say I like it.

[rpm4321]

Hey, quick question for you. I've got a version of Chrome with JS and plugins disabled that I use for not entirely trusted links. Do you know if there are still some exploits we're vulnerable to, especially on Win? I think I remember hearing a while back that it isn't foolproof.

[dkokelley]

Can't say for sure that anything is completely secure. JS is just one of those things that's easy to defend against, and it plugs a major attack vector. It also kills many tracking techniques. I also have a hosts file that blacklists known virus/shock/advertising sites, as well as ad blockers and "antisocial" plugins that remove Facebook "like" and other social media sharing buttons (which can aggregate your browsing history and connect it with your social profile).

If you're very paranoid, you can set up a sandbox VM for risky sites. Just make a good stable image and reload it every day in case you picked up anything bad.