[Foundation-l] Malicious user javascript

kelvSYC kelvsyc at shaw.ca
Tue May 24 03:25:43 UTC 2005


> Even if we tried to place restrictions on user JavaScript or  
> disable it
> entirely, there is no way to protect against that distinct from  
> general
> restrictions on submissions from some user. The malicious user could
> trivially substitute JavaScript that comes from their local machine or
> another source, a modifying proxy to insert it, or use a different
> client-side tool to perform equivalent processing.
>

It's too bad we can't prevent massive damage that may result from  
this.  Oh well...




More information about the foundation-l mailing list