Wowhead will never steal your account.


I've been web browsing with all scripts enabled for years(adblock aside), and my account hasn't been stolen in the 1 1/2 years I've been playing. Just enable the wowhead script. It saves having to manually click over to wowhead from wowinsider.

That mostly just gives you a false sense of security, have you uninstalled your pdf reader as well? If you haven't updated Acrobat reader in 6-12 months (or so) your computer can be hacked by a malicious pdf link, no need to use javascript for that. If you haven't updated IE6 since you installed it you can get hacked by looking at an image. Etc, etc.

Your much more likely to be hacked by using an addon auto updater than having javascript enabled in your browser, javascript security holes are a problem for *all* users on the web, so they get patched rather quickly once found, whereas auto updaters for addons are specifically used by WoW users, so you have less people that can find the security holes, and theres a bigger chance that you loose your account if they aren't found and patched in time.

You can also look at it from the hackers point of view, which is easier, to exploit a javascript bug that means they have to find a hole Microsoft or the Firefox team has missed, even though they work extensively with security. Or try to hack a single website (all they need is to find the password for the webserver) and upload a hacked autoupdater.

TL;DR: Always update your webbrowsers, your operative systems and any addins to your browsers (such as acrobat reader). Don't use auto updaters for your addons. And of course, try to be smart about what you install and from where you get it.

Appending the little "?lol" to the script makes browsers to download the .js again, and not use the cached one...

If i ever start a blog, i'll surely use it!

The "?lol" only forces your users to update their cached copy of the script. It doesn't have any impact on the actual javascript file delivered from the server. So if you've been using their tooltips and you think your users might have the script cached, put "?lol" (or really "?whatever") at the end to trick the browser into getting the newest version. But if you've never used the Wowhead tooltips on your site before and you're pretty sure your visitors won't have the script cached from another site (remember it's coming from wowhead.com, not from your server) then you can just use the normal URL.

Either way, once the cached version expires from their browsers in a few days they'll all get the newest version anyway.

this is all smells of bullsh*t to me, especially since the main 'wowhead powered' site doesn't even tell you to do it.

caching of content, or refreshing of cached items is handled by the browser (yes, i know you can force content not to be cached in code, when the browser is set to fetch items from the cache if they exist there), so surely a better place to set it would be in the actual code link everyone is already using without a LaughOutLoud parameter, or ask people to check their browser settings.

@jrb, that would mean they had the foresight of doing it right from the start, if they didn't and told all webbrowsers that it's alright to keep a copy until the year 2999 and that they don't need to check with the server, then that's what the webbrowsers will do.

On that note, if your on a webpage that used to show those "tooltips", and it isn't anymore, you can hit Ctrl + F5 to force your webbrowser to fetch the javascript (and everything else on that webpage) fresh from the server.

you are using their (wowheads) bandwidth, not your storage space. the js file is loaded from their server

@ alektraunic: And then it gets cached locally, hence the problem mentioned in the article and the extra storage space. :P

Oh i know its storaged at them...

But "?lol" consists of 4 symbols. Together thats 22 bits :)
Its nothing, I was just joking

How could you not tell that he was joking?