Hacker News
by ashrk 2760 days ago
Yeah, you'd have to prevent JS from catching a broad set of user events at all, and disallow modification of most of the DOM by it. Again, basically restrict it to tightly-context-constrained functions to do stuff like custom sorting. There'd still be security issues with it from time to time, but they'd be bugs rather than baked-in insecurity that's part of its feature set.