Hacker News new | comments | show | ask | jobs | submit login

If you are browsing the web with a 10 year old browser you are opening yourself up to a ton of security bugs. Whether json responses contain a while loop or not isn't going to make a difference.

The reason Google and Facebook keep this kind of stuff around is because it's there and doesn't hurt to keep it. There's a slight chance it will provide some protection if a similar attack vector is discovered.

But aren't you saying this is an already existing attack vector then?? Why try to find a similar one if you knew you could just get an older browser version and use this one? Is that not a good enough reason to be prepared for it?

As sagethesagesage said [1], you're protecting the user from having their browser pass the user's data from your site to a malicious site. The attacker shouldn't be able to make the user run an old, vulnerable browser.

[1] https://news.ycombinator.com/item?id=14282532

Applications are open for YC Winter 2018

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact