Security and Javascript

Timo Juhani Lindfors timo.lindfors at
Fri Jun 28 09:18:03 UTC 2013

Matthias Kirschner <mk at> writes:
> 3) From a security point you are lost as soon as you give an adversary
> the opportunity to control your system. 

Well, javascript is run a restricted environment. I don't see how you'd
be lost by running javascript. Also many universities let their students
run code on their systems but I don't consider they have "lost".

> 4) Only non-active web content can guarantee that you keep control over
> your equipment. 

There are security issues also in the code that parses this non-active
content. Javascript is replacing a lot of things that used to be
separate plugins with poor security track record.

More information about the Discussion mailing list