7.2.11 Ensure Javascript Is Enabled

Information

While some graybeards (Me not included) promote the good old days when web pages were primarily or exclusively text and dynamic content was not available current web sites contain extensive scripting (JavaScript) to provide an appealing experience. For most users mission critical information on websites (Internal or External) are likely to require JavaScript and if the browser does not allow JavaScript the site will not work well, or at all and may lead to help desk calls.

Rationale:

For normal user experience in web browsing JavaScript must be enabled. Specialized browsing for specific use cases, advanced users or explicit domains may be desirable but is cumbersome in the current environment.

Impact:

Purposely malicious JavaScript on allowed pages is a security vulnerability and may not be acceptable in certain environments. User expectations must be managed if JavaScript use is considered as too risky.

Solution

Profile Method:
Create or edit a configuration profile with the following information:

The PayloadType string is com.apple.Safari

The key to include is WebKitPreferences.javaScriptEnabled

The key must be set to: <true/>

Note: This mobile configuration profile setting with enable Javascript and remove the ability for the user to disable it in the GUI.

See Also

https://workbench.cisecurity.org/benchmarks/14563

Item Details

Category: CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|CM-10, 800-53|SC-18, CSCv7|7.1

Plugin: Unix

Control ID: fad14a8d750ab13adad477b9b7d129e593129e584b4e0da3309f455231298f06