Hacker News new | ask | show | jobs
by johannes1234321 1329 days ago
> JS is a security risk IMO.

A network connection is a security risk.

The question is whether the benefits outweighs the risk added by enabling it.

For me the benefit of disabling JS is more in privacy and disabling annoying user experience. JavaScriot runtimes are quite well audited meanwhile.
1 comments
zasdffaa 1329 days ago
And a turing complete language delivered from a third party over said network connection to be executed locally will exponentially increases that risk, no?

> JavaScriot runtimes are quite well audited meanwhile.

Given (for example) the leftpad trainwreck, is that really true?

link
johannes1234321 1329 days ago
> > JavaScriot runtimes are quite well audited meanwhile.

> Given (for example) the leftpad trainwreck, is that really true?

That was that some (quite pointless) code was not available anymore as easily. Not a security issue.

link
zasdffaa 1329 days ago
That's entirely irrelevant. It was available, got used, and things massively fell over when it was pulled. You've given no case to show things have changed - can you actually give any evidence that 'JavaScriot runtimes are quite well audited'.
link
johannes1234321 1329 days ago
Correct, leftpad ia completely irrelevant for the discussion.
link
zasdffaa 1329 days ago
And helloooo eternal september. You haven't a clue.
link
vntok 1328 days ago
It really was a non-event.
link