Hacker News
by chmod775 1831 days ago
It's a bug in Trident/MSHTML, which includes a 'JScript' engine.

Anecdotally, code execution exploits in pure HTML (that don't require JS) are exceedingly rare, so it is unlikely it doesn't use JS.