|
|
|
|
|
|
by stordoff
2675 days ago
|
|
|
How are you drawing a principled distinction between "if a website tells a browser to load something, the browser should do so" and "a website cannot load malware [except via an exploit]"? Clearly, asking the browser to load an EXE, or run this JavaScript that attacks website X, could be considered malware, so the line is fuzzier than 'if a website asks, a browser should load it'. 'We should patch exploits' and 'all things we would like to not load are considered exploits' seems to be rather begging the question. There is a class of things that use legitimate browser features, but we would prefer to not load by default. |
|
|