Security and Javascript
Timo Juhani Lindfors
timo.lindfors at iki.fi
Fri Jun 28 09:18:03 UTC 2013
Matthias Kirschner <mk at fsfe.org> writes:
> 3) From a security point you are lost as soon as you give an adversary
> the opportunity to control your system.
Well, javascript is run a restricted environment. I don't see how you'd
be lost by running javascript. Also many universities let their students
run code on their systems but I don't consider they have "lost".
> 4) Only non-active web content can guarantee that you keep control over
> your equipment.
There are security issues also in the code that parses this non-active
content. Javascript is replacing a lot of things that used to be
separate plugins with poor security track record.
More information about the Discussion
mailing list