Has everyone forgotten why we got rid of technologies such as Java Runtime Environment and Adobe Flash?
Have we forgotten all the security concerns?
So we replaced JRE and Flash with the same functionality implemented in JavaScript, once a simple scripting language for web browsers, now capable of all kinds of features including accessing a number of hardware devices, now how can this go wrong? All of them try to be sandboxed, but that is not enough. In principal WebAssembly is not any different from JRE.
Unfortunately most web pages today needs JavaScript, so you can't just disable it either. I wonder how many more browsers issues we're going to see before people realize we need a limited scripting language we can trust, and only enable full JavaScript or WebAssembly for pages we "trust". And since browsers are throwing in features every few months, the web browser is now by far the greatest security risk on any computer. I'll be soon only running web browsers in virtual machines.
Have we forgotten all the security concerns?
So we replaced JRE and Flash with the same functionality implemented in JavaScript, once a simple scripting language for web browsers, now capable of all kinds of features including accessing a number of hardware devices, now how can this go wrong? All of them try to be sandboxed, but that is not enough. In principal WebAssembly is not any different from JRE.
Unfortunately most web pages today needs JavaScript, so you can't just disable it either. I wonder how many more browsers issues we're going to see before people realize we need a limited scripting language we can trust, and only enable full JavaScript or WebAssembly for pages we "trust". And since browsers are throwing in features every few months, the web browser is now by far the greatest security risk on any computer. I'll be soon only running web browsers in virtual machines.
Comment