Hacker News new | past | comments | ask | show | jobs | submit login

3) Right - and I guess "fingerprinting" goes slightly beyond cookies - but when people say "execute arbitrary code" they typically imply something has free-reign, which JavaScript generally doesn't.

4) True, although it's my understanding that the exploits are hard to implement, doubly-so from an abstracted layer like JavaScript.

> trickery, manipulation...like trying to embed a frame from Facebook and steal user credentials or so on

This falls under "cookies-based", and I'm pretty sure no JavaScript is necessary for these kinds of attacks.




Good point on 3. I guess the main point is browsers at least disallow reading and writing arbitrary files directly.




Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: