> To be fair, notwithstanding exploits in the underlying browser or hardware which lead to things like Spectre, at least javascript is sandboxed. No one is going to be able to sneak "rm -rf /*" into a script and have it work the way they could a native application.
It is fair to note this, but I would still take those examples as indicating the inherent dangers and failures of the paradigm. It's obviously infinitely better than just naively sticking native code execution into the browser without any protection at all, but that does not mean it is ultimately a good approach.
It is fair to note this, but I would still take those examples as indicating the inherent dangers and failures of the paradigm. It's obviously infinitely better than just naively sticking native code execution into the browser without any protection at all, but that does not mean it is ultimately a good approach.