Hacker News new | ask | show | jobs
by tremon 2292 days ago
Highly disagree here. Javascript's DOM parsing functionality has but one purpose: presentation manipulation, i.e. rendering. Having something like that running as SYSTEM is a security issue in itself, regardless of where the code comes from.

FFS, even display drivers don't run with full system privileges anymore.
1 comments
mosdl 2292 days ago
JS has no DOM API, browsers provide JS an API to use. Plus DOM had nothing to do with rendering, it's just tree manipulation APIs.
link