[squid_demon]

Don't worry. There is no malicious code contained within this QR code!

[dheera]

Yeah I'd much prefer it be a javascript: URL that did all the magic in the browser. Much safer, cross platform, and it would probably work out of the box in existing QR reader apps.

[ant6n]

But the snake in a QR code probably works offline

[dheera]

A javascript: URL can work offline. Try this: javascript:document.write("hello world");

Note that if you cut and paste into Chrome it may delete the "javascript:" part and you will have to add that back.

[ALittleLight]

Can a QR code convert to JavaScript like that? i.e. instead of opening a webpage it just executes some JavaScript.

[Shared404]

That's what I thought about as soon as I read this. Seems like a great malware installation vector.

Just print out stickers and put them up at restaurants, stores...

[avree]

For which 99.99999% of users will be using mobile clients to scan the QR code that have no capability of executing the code...

[pugworthy]

Yes, embedding a Windows app is essentially pointless for mobile users, but there are many other delivery vectors available from QR codes.

There are some interesting approaches listed at https://news.sophos.com/en-us/2019/10/17/beware-the-square-h...

[johnisgood]

Yet. :D

[7373737373]

I've been working on a virtual machine where this wouldn't be a problem: https://esolangs.org/wiki/RarVM#Jumping_processes

(small process snapshot sizes and sandboxing capabilities)

Using the WebAssembly VM would be a good alternative for real applications.