Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

3) Right - and I guess "fingerprinting" goes slightly beyond cookies - but when people say "execute arbitrary code" they typically imply something has free-reign, which JavaScript generally doesn't.

4) True, although it's my understanding that the exploits are hard to implement, doubly-so from an abstracted layer like JavaScript.

> trickery, manipulation...like trying to embed a frame from Facebook and steal user credentials or so on

This falls under "cookies-based", and I'm pretty sure no JavaScript is necessary for these kinds of attacks.




Good point on 3. I guess the main point is browsers at least disallow reading and writing arbitrary files directly.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: