LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Gnash, Lightspark, and Shumway

Gnash, Lightspark, and Shumway

Posted Nov 26, 2012 9:21 UTC (Mon) by intgr (subscriber, #39733)
In reply to: Gnash, Lightspark, and Shumway by khim
Parent article: Gnash, Lightspark, and Shumway

Dafuq? In the last post you were trying to convince me how non-transitive comparisons in JavaScript *the language* is the worst security flaw ever.

Now you suddenly changed topic to HTML and web technologies and claim I'm "dumb" for not reading your mind? Remember, you were comparing C++ with JavaScript, not C++ with HTML or "the web" (does that even make sense?).

JavaScript is also used in Node.JS, Mozilla's XUL GUI, Gnome 3, PostgreSQL stored procedures, etc etc. None of these are vulnerable to the HTML vulnerabilities you describe.

And don't get me wrong -- I certainly agree that the way how web applications and JavaScript interact with HTML is a very generous place for security problems. But these aren't a problem of JavaScript *the language*.

> Do you change innerHTML?
Most people would use textContent, but suit yourself...

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds