Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://ieji.de/users/LorenzoAncora/statuses/115174360510068398">Lorenzo Ancora :verified: (lorenzoancora@ieji.de)'s status on Tuesday, 09-Sep-2025 21:51:01 JST</a><a href="https://ieji.de/@LorenzoAncora" title="lorenzoancora@ieji.de"><img src="https://gnusocial.jp/avatar/286580-48-20250121002514.webp" width="48" height="48" alt="Lorenzo Ancora :verified:" style="position: absolute; left: 0; top: 0;">Lorenzo Ancora :verified:</a><div><a href="https://freesoftwareextremist.com/objects/1b5111f5-5e6c-4f1f-a1bd-f86617dfd3b0" rel="in-reply-to">in reply to</a><ul><li></ul></div></section><article><p><a href="https://freesoftwareextremist.com/users/Suiseiseki">@Suiseiseki</a> if you don't update your web browser, every attack is possible with and without JS.</p><p>JS already requires permissions for critical operation.</p><p>JS requests are subject to CORS and cannot be arbitrary.</p><p>Web apps from YouTube to your bank need same-domain background requests to work, its normal.</p><p>Unless both the DNS and the site is compromised and you are specifically targeted, JavaScript can't hack your LAN.</p><p>JavaScript is executed in a sandbox and sometimes cached, never installed.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4663649#notice-11009213">In conversation</a><time datetime="2025-09-09T21:51:01+09:00" title="Tuesday, 09-Sep-2025 21:51:01 JST">about 4 months ago</time> <span>from <span><a href="https://ieji.de/@LorenzoAncora/115174360510068398" rel="external" title="Sent from ieji.de via ActivityPub">ieji.de</a></span></span><a href="https://ieji.de/@LorenzoAncora/115174360510068398">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Lorenzo Ancora :verified: (lorenzoancora@ieji.de)'s status on Tuesday, 09-Sep-2025 21:51:01 JSTLorenzo Ancora :verified:
in reply to
- 翠星石
@Suiseiseki if you don't update your web browser, every attack is possible with and without JS.
JS already requires permissions for critical operation.
JS requests are subject to CORS and cannot be arbitrary.
Web apps from YouTube to your bank need same-domain background requests to work, its normal.
Unless both the DNS and the site is compromised and you are specifically targeted, JavaScript can't hack your LAN.
JavaScript is executed in a sandbox and sometimes cached, never installed.
In conversationabout 4 months ago from ieji.depermalink

Public

Embed Notice

HTML Code

Corresponding Notice