Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Running javascript provided by a site that's not from an authenticated source is... a pretty significant risk to certain people.

To the author: please turn on TLS for your site. It's free.



What's the risk? And what certain people? And how does knowing that said JavaScript is legitimately from "presidential-plinko.com" reduce that risk?


To know that your ISP / government / local MITM on your wifi didn't inject malicious JS? This has been a thing approximately forever https://arstechnica.com/tech-policy/2014/09/why-comcasts-jav...


And, to the question of "What certain people?", the answer, in the general case, includes Chinese dissidents:

https://www.zdnet.com/article/china-resurrects-great-cannon-...




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: