"When you allow third parties to run script on your site, you’re entirely beholden to them; they can run anything they like in the context of your site"<p>I've seen a fair few Internet banking web sites pulling scripts from over a dozen third parties, mostly for tracking and advertising, but even for trivial things like social media. On their customer login pages. It's beyond me how they can consider this to be an acceptable risk.
If you're going to put adverts on your site, always put them within an iframe, pointed at a separate "adverts" only domain. This will ensure they can't execute javascript within your own website context.
The throw away comment on how ad networks are a cesspit at the end of that article really spoke to me - if it weren't for the abundance of "Recommended Stories" and "From elsewhere on the web" crap selling weight loss pills and click bait I'd be far less inclined to run with an ad blocker.<p>The fact that these ads disguise themselves as content that the site owner is recommending is particularly insidious, since it will likely encourage people to click through thinking that they can trust the content.
In retrospect it seems he could have saved himself a Fiddler session if he just opened console debugger in browser and used `?"-(function(){debugger}())-"` in URL instead of `?"-prompt()-"`. (I would not have guessed this either, but may come handy next time.)
This is why browsers should have an option "Block third party javascript" similar to "Block third party cookies".<p>With http2, relevant javascript files will be increasingly hosted on the same domain anyway and that option would become increasingly relevant.
I've resisted using an ad-blocker for years because I'm happy for the sites I visit daily to earn revenue that way, and for many it's the only way they can. I limited myself to running Privacy badger and blocking Facebook/Twitter tracking cookies, that kinda thing.<p>But this is the straw that's broken my camel's back and it spoils things for those of us who don't mind a few ads here and there. uBlock now installed, sod the ad networks.
Whenever I talk to people who work for ad networks or similar companies, I'm, without fail, impressed by how little technical knowledge they possess. If you work for a company that sells internet services, you should at least have some basic understanding of how the internet works.
as far as i can tell, adsafeprotected isn't actually for your or your visitors' protection, but for the advertisers (it seems to run a huge gob of incredibly slow scripts to "ensure" visibility, that there is actually an eyeball on the ad and that it's not hidden or collapsed or something)
What alternatives are there anyway?<p>I wonder what could be done to serve 3rd-party ads, making sure they can't hinder the experience of the users of the webpage.<p>Is this just laziness from those ad networks, or do we currently have the tools to counter this?