Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Is the console itself mostly written in JS? If that's the case, why didn't anyone think "this thing is accessible from JS, JS which could come from a (possibly untrusted) external site!" Were they planning on this "feature" being useful somehow? It reminds me of debuggers that can be crashed by what they're debugging, VMs that escape into their hosts, and (as mentioned) websites that try to disable right-click or otherwise interfere with the browser, which should ultimately be the one in control (by the user)...


The original idea of the javascript console was that it would be used by developers, to debug their own sites.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: