PubMed to force use of Javascript

L.Alten berg, delete SPAM SPaltenberAM at
Tue Feb 15 19:39:35 EST 2000

For all researchers out there who use the National Library of Medicine's 
PubMed database:

As of March, PubMed will force all researchers to use its new 
Javascript-required format, , 

and discontinue its current Javascript-free format .  

This change is occurring just when the CERT Coordination Center issued an 
advisory  (February 2, 2000) about the serious security holes that are caused 
by Javascript ( )

CERT Advises:
"Users may unintentionally execute scripts written by an attacker when they 
follow untrusted links in web pages, mail messages, or newsgroup postings. 
Users may also unknowingly execute malicious scripts when viewing dynamically 
generated pages based on content provided by other users. ... Web Users 
Should Disable Scripting Languages in Their Browsers: Exploiting this 
vulnerability to execute code requires that some form of embedded scripting 
language be enabled in the victim's browser. The most significant impact of 
this vulnerability can be avoided by disabling all scripting languages."

I believe it is extremely poor policy to discontinue PubMed's Javascript-free 
format, which works fine now, and force everyone into Javascript security 
vulnerability.  Many Web browsers will simply be unable to use PubMed; others 
will be forced to violate the security policies of their sites in order to 
use PubMed.

Therefore, I ask people to please send a note to PubMed, 
pubmednew at , or 
custq at,  and also cc: to 
sensen09 at 
(Rep. F. James Sensenbrenner, Jr. (WI), Chair of the House Science 
requesting that they continue maintaining their 
non-Javascript format for PubMed access.

Lee Altenberg, Ph.D.

E-mail: altenber at

More information about the Immuno mailing list