[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How does GMail know I use Firebug extension in Iceweasel?

On Nov 28, 2007 7:06 PM, Douglas A. Tutty <dtutty@porchlight.ca> wrote:

<snip>
>
> AIUI, enabling JavaScript enables the remote site to run javascript on
> your box.  It doesn't do any sort of audit of what it will run.  So I
> would assume tht it can do whatever javascript is capable of.
>
> Can javascript read my .ssh directory and grab my id_rsa or id_dsa?

Javascript the language can - i.e. you could write a script file in JS
instead of Perl. However, JS that is run in a web page is sandboxed.
If it could read your files it would be considered a (very) major security
flaw in that browser's JS implementation and the news would be all
over the tech sites.


Cheers,
Kelly Clowers
Reply to: