Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

That's a non-problem because people who care about online security don't have JavaScript enabled by default.


OK what if the attacker replaces the action of the form to submit to their servers instead?

Also Pandora does not work without JavaScript just like most modern websites. Would be pointless to sign up then, wouldn't it.

Lastly, what you are saying is simply not true.


Security isn't binary.


Suffice to say: anybody who has JavaScript enabled by default demonstratably does not care about their security. Interest and competence in security is indeed a spectrum, but somebody in first grade math still knows what 2 + 2 is.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: