But all your visitor will need to connect to cdnjs.com when they visit your
site. In effect, cdnjs.com can spy the web, because their goal is many sites
to use their service and hence visitors of various websites to visit
cdnjs.com too. It's the same thing as Google's
That seems better, but still a problem for privacy. For various reasons,
like:
How can differentiate between sites who will give a long Expires header,
between those who don't.
I browse the web with the RequestPolicy plugin, so I don't have to constantly
tell everyone what sites I
This is one of the reasons why the Expires header is used (for libraries
on CDNs, not tracking scripts/images): the CDN knows that you downloaded
the library, with one referer per year, the browser doesn't contact them
if you visit another page using the same library. If enough sites that
you use
I'm a fan of https://cdnjs.com
There's some useful info on fingerprinting here:
https://panopticlick.eff.org/
Well, not just a scripting language engines, but every online connecting
program may possible be exploited to do something malicious, like escalating
privileges. Things like cross-side scripting are disabled in any normal web
browser, because they are know to be malicious.
The Mozilla
Diaspora, Friendica, YouTube, Google Maps, Quitter (GNU Social), and
Reddit?
Yes, apart from Google Maps, the use of JavaScript seem trivial and generic.
They mostly use JavaScript just to load text using XMLHttpRequest() and put
it on a page (comments, posts, etc.).
An Google Maps is
As a developer who uses JavaScript in the web, I'm curious why people think
it's insecure? Can you tell me what features of JavaScript are insecure and
how can one make malicious code with JavaScript run in a browser?
Web JavaScript code isn't like any other software you install on you
As a developer who uses JavaScript in the web, I'm curious why people think
it's insecure? Can you tell me what features of JavaScript are insecure and
how can one make malicious code with JavaScript run in a browser?
Here's something https://noscript.net/faq#qa1_10 and here's some more
how can one make malicious code with JavaScript run in a browser?
JavaScript is a programming language, so of course it's possible to do
something malicious with it. You can only limit the capabilities of a
language so much before you start hindering its usefulness.
Fingerprinting is the
Can't these programs be hosted on Savannah?
I really like LibreJS, and I like how it's allowing web developers a coherent
way to free their javascript. I also feel much more secure running LibreJS,
as it disallows nonfree javascript from running on my machine.
But even if a web developer conformed perfectly to the protocol of LibreJS
I've also suggested this in the past,[1] and I agree completely.
[1] https://onpon4.github.io/other/kill-js/
13 matches
Mail list logo