Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

JavaScript is the main way of delivering attacks because it's the main way of getting a browser to do anything. Actual vulnerabilities tend to be anywhere (image decoding in particular) and you can trigger them from anything, it's just easier to trigger them from JavaScript rather than some absurd spaghetti CSS.



As the OP says, many things can be done without it.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: