Am 05. Jan, 2018 schwätzte Herminio Hernandez, Jr. so:
moin moin,
Yeah, JavaScript's annoying. I've been using NoScript to block it outright
for years. I only allow certain sites to have JavaScript. Some of those
sites only get JavaScript when I'm trying to checkout. Some get their own
browser instance before I allow them to have JavaScript.
Recently JavaScript has been used to do bitcoin mining via web browsers
and it's had several security issues over the years.
It can't escape the sandbox if it never runs :).
ciao,
der.hans# It's up to the reader to make the book interesting.
Damn Stallman was right again
https://www.gnu.org/philosophy/po/javascript-trap.ja-en.html
On Thu, Jan 4, 2018 at 10:52 PM, Andrew McRobb <andrewmcrobb@gmail.com>
wrote:
JavaScript being the Raccoon? heh
Andrew McRobb
Full-time Software Developer
Part-time Freelancer
mcrobb.info
On Thu, Jan 4, 2018 at 8:46 PM, Ed <plug@0x1b.com> wrote:
More like raccoons to oranges...
8)
On Thu, Jan 4, 2018 at 4:59 PM, der.hans <PLUGd@lufthans.com> wrote:
Am 04. Jan, 2018 schwätzte Andrew McRobb so:still
moin moin Andrew,
cool, sounds like having umatrix or NoScript blocking javascript is
sufficient.handle
Need to make sure <script> is blocked as well as the external JS.
https://www.w3schools.com/html/html_scripts.asp
ciao,
der.hans
No, HTML5 is a markup at the end of the day. Comparing JS and HTML, is
like
comparing apples to oranges. All HTML5 does is include new tags to use
when
building a web app for you or search engines to use:
https://www.w3schools.com/html/html5_intro.asp . It doesn't at all
handleany logic like JS would, if that's what you are asking.
Same can almost go for CSS. It's a description language, it doesn't
years.any logic (except for select queries). However, CSS is starting to
implement variables, but you can only use those for *attributes*. Not
write
a fully functional app with CSS alone.
Andrew McRobb
Full-time Software Developer
Part-time Freelancer
mcrobb.info
On Thu, Jan 4, 2018 at 10:21 AM, der.hans <PLUGd@lufthans.com> wrote:
moin moin,
I haven't paid much attention to HTML and CSS standards for many
security/ssca
As I understand it, HTML5 is script-like to lesson use of javascript.
Does that mean plain HTML ( no javascript ) is sufficient to exploit
browsers in light of #meltdown and #spectre ?
https://blog.mozilla.org/security/2018/01/03/mitigations-
landing-new-class-timing-attack/
https://sites.google.com/a/chromium.org/dev/Home/chromium-
------------------------------
What about CSS?
ciao,
der.hans
--
# https://www.LuftHans.com https://www.PhxLinux.org
# As we enjoy great Advantages from the
# Inventions of others we should be glad of an
# Opportunity to serve others by any Invention of ours,
# and this we should do freely and generously.
# -- Benjamin Franklin (1706-1790), on his refusal to patent his
inventions.
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss
--
# https://www.LuftHans.com https://www.PhxLinux.org
# Nobody grows old merely by living a number of years.
# We grow old by deserting our ideals.
# Years may wrinkle the skin, but to give up enthusiasm
# wrinkles the soul. -- Samuel Ullman
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss
---------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss
--
# https://www.LuftHans.com https://www.PhxLinux.org
# An author has only the opportunity to make it uninteresting. - der.hans
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss