(L2) Ensure ‘Enable JavaScript’ is ‘Disabled’

Details

JavaScript enables web site authors to create enhanced user interfaces. In support of this, JavaScript enables web sites to programmatically read and alter the document object model (DOM) for the rendered web site as well as instantiate various objects, such as asynchronous XML HTTP request (XHR) objects. It is recommended that JavaScript be disabled.

Rationale:

JavaScript continues to be an attack vector for exploiting vulnerabilities in the browser. Additionally, JavaScript is commonly leveraged by exploit authors to create a deterministic memory layout in support of increasing the reliability of exploits.

Solution

Follow the steps below to set Enable JavaScript to Disabled:

1. Click Safari.
2. Click Preferences.
3. Click AutoFill.
4. Uncheck the Enable JavaScript checkbox.

To configure the plist, follow the steps below:

1. Open com.apple.Safari.plist.
2. Find the token WebKitJavaScriptEnabled.
3. Ensure this token is immediately followed by

Default Value:
Enabled.
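
The plist check above can be automated. The following is an added example, not part of the CIS benchmark or of this page's original content, that audits a com.apple.Safari.plist payload with Python's plistlib. It assumes 'Disabled' is stored as boolean false for WebKitJavaScriptEnabled; the function name and the sample payloads are constructed for illustration.

```python
import plistlib

KEY = "WebKitJavaScriptEnabled"  # token named in the control


def audit_safari_javascript(plist_bytes):
    """Return (compliant, reason) for one com.apple.Safari.plist payload."""
    try:
        prefs = plistlib.loads(plist_bytes)  # accepts XML and binary plists
    except Exception as exc:
        return False, f"unparseable plist: {exc}"
    if not isinstance(prefs, dict):
        return False, "top-level object is not a dictionary"
    if KEY not in prefs:
        # The control's stated default is Enabled, so an absent key fails.
        return False, f"{KEY} not set (default is Enabled)"
    value = prefs[KEY]
    if not isinstance(value, bool):
        # Assumption: only a real boolean false counts as Disabled.
        return False, f"{KEY} has non-boolean value {value!r}"
    if value:
        return False, f"{KEY} is true (JavaScript enabled)"
    return True, f"{KEY} is false (JavaScript disabled)"


# Constructed sample preference payloads, not taken from a real system.
SAMPLES = {
    "hardened-xml": plistlib.dumps({KEY: False, "HomePage": "about:blank"}),
    "hardened-binary": plistlib.dumps({KEY: False}, fmt=plistlib.FMT_BINARY),
    "enabled": plistlib.dumps({KEY: True}),
    "unset": plistlib.dumps({"HomePage": "about:blank"}),
    "wrong-type": plistlib.dumps({KEY: "NO"}),
    "corrupt": b"not a plist",
}


def run_samples():
    """Audit every constructed sample and return {name: (compliant, reason)}."""
    return {name: audit_safari_javascript(data) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, (ok, reason) in run_samples().items():
        print(f"{'PASS' if ok else 'FAIL'}  {name}: {reason}")
```

To audit a real profile, read the user's com.apple.Safari.plist as bytes and pass it to `audit_safari_javascript`.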

Supportive Information

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management. This control applies to the following type of system: Unix.

Updated on July 16, 2022