|
|
|
|
|
|
by coldtea
4240 days ago
|
|
|
>It might actually be worse, because if you tell people you don't run macros in untrusted office documents, most people will applaud you for being wise -- while if you say you use noscript people will dismiss you as a paranoid Luddite. Maybe because macros are a BS add-on functionality that does nothing for 99.9% of Office users, whereas JS is a key component of the modern, dynamic, web. >Runable code created by random people, from random sources, in one address space with access to all your user data -- what could go wrong? Yeah, it's not like we have a security model for JS, sandboxed environments, and even each tab running as a separate process. |
|
|
Sandboxed environments containing user data that web developers voluntarily compromise by then inserting 3rd-party controlled code.