Hacker News

Imagine if Wikipedia was a native app, what this vuln would have caused. I for one prefer using stuff in the browser where at least it's sandboxed. Also, there's nothing stopping you from disabling JS in your browser.


Wikipedia should be straight hypermedia. Simple.


If it was a native app it wouldn't be grabbing one of the hosted files and running it as code.


Have you never seen a native app's auto-update get hijacked by malware? It happened (yet again) last month [0]

Tons of native apps also have plugins or addons, which (surprise surprise) is just code downloaded from some central repo, and run with way less sandboxing than JS.

[0] https://www.bleepingcomputer.com/news/security/notepad-plus-...


That's pretty far from hosting the program in the same spot the content it manages is hosted, and also installing fresh versions instantly.



