|
|
|
|
|
|
by frutiger
1403 days ago
|
|
|
This is a weird claim anyway. If you're loading first-party content into the view, then it's no less secure than running, e.g. a Node.js script (or Python, Ruby, C++ program, Rust program, etc.) as the current user. A program you downloaded being able to do things it's supposed to do is generally a feature, not a bug. If you are loading third-party content, then sure, it's a completely different ball game. |
|
|