Hacker News new | ask | show | jobs
by CleanCoder 1831 days ago
If it required JS it would not be a bug in Windows HTML component.
1 comments
chmod775 1831 days ago
It's a bug in Trident/MSHTML, which includes a 'JScript' engine.

Anecdotally code execution exploits in pure HTML (that don't require JS) are exceedingly rare, so it is unlikely it doesn't use JS.

link