Information
This setting controls JavaScript URLs history from being displayed in the history bar.
Rationale:
Various browser elements, even a simple link, can embed javascript: URLs and access the javascript: protocol. The JavaScript statement used in a javascript: URL can be used to encapsulate a specially crafted URL that performs a malicious function.
Impact:
None - This is the default behavior.
Solution
To establish the recommended configuration, set browser.urlbar.filter.javascript to true:
Type about:config in the address bar
Type browser.urlbar.filter.javascript in the filter
Ensure the setting is set as prescribed.
OR
Open the mozilla.cfg file in the installation directory with a text editor
Add the following lines to mozilla.cfg:
lockPref('browser.urlbar.filter.javascript', true);
Default Value:
True