How much JavaScript is too much for a bank / finance website?
I recently opened savings and checking accounts at Ally bank. The former was to take advantage of their 1% bonus, and the latter was to investigate Ally as an alternative to my previously semi-fast and semi-efficient Chase checking account.
Upon logging into my Ally account, Firefox’s NoScript add-on threw up a slew of domains wanting JavaScript access. Fortunately, I only had to enable Ally.com for most of the site to work properly. Here is what NoScript showed as wanting access to my machine:
Is it normal for financial entities to run JavaScript from this many domains? I’ve come to expect it from many free and retail sites, but my other financial sites only ask for access to two or three domains, all of which they own. From a legal standpoint, if a non-bank-owned domain is compromised, steals my credentials and then drains my account, would the bank be responsible?
… guess I should change my nick to tin-foil-hatted honkinggoose. Uh, where’s that new icon thingy.