undefined | Better HN

0 pointssamwillis7mo ago0 comments

The point of the js engine sandbox is to protect the user in the browser - it's completely redundant on the server. Supply chain attacks are real, but only Deno has tried to fix that through permissions/rules.

I don't think anything changes with compile to native on the server.

0 comments

rafram7mo ago

Totally disagree. A spec-compliant JS engine has to support the features that allow vulnerabilities like prototype pollution, which can be exploited through user input alone.

j / k navigate · click thread line to collapse

0 pointssamwillis7mo ago0 comments

I don't think anything changes with compile to native on the server.

0 comments

rafram7mo ago

Totally disagree. A spec-compliant JS engine has to support the features that allow vulnerabilities like prototype pollution, which can be exploited through user input alone.

j / k navigate · click thread line to collapse