undefined | Better HN

0 pointsxg158y ago0 comments

I think that advice got warped/lost in translation: Wasn't the original advice "dont't paste stuff copied from web pages into the CLI"? - Because a bad page could covertly change what is actually copied via JS.

That danger doesn't apply when things are copied from the browser chrome (address bar) or other locations. So why would pasting then still be dangerous?

I think blindly passing on advices "because $SECURITY" can actually detrimental to security because you may end up with half a dozen esoteric practices without actually knowing what they defend against. (I know the parent was half-joking, I think that's a more general problem)

0 comments

jrimbault8y ago

You don't even need JS. In French and in style:

    <p>un paragraphe <span style="font-size: 0;">pas si </span>innocent</p>

So disabling JS won't protect you from those.

j / k navigate · click thread line to collapse

0 comments

jrimbault8y ago

You don't even need JS. In French and in style:

    <p>un paragraphe <span style="font-size: 0;">pas si </span>innocent</p>

So disabling JS won't protect you from those.

j / k navigate · click thread line to collapse