Get the latest tech news

Is It Safe to Host HTML That Runs Its Own JavaScript?


We host whatever HTML people upload, JavaScript and all, and most of it is generated by an AI and never read line by line first. So the honest answer to 'what stops that code from injecting something or hijacking a session' is not that we scrub it clean. It is that we assume every page is hostile and make that assumption not matter. Here is exactly how.

None

Get the Android app

Or read this on Hacker News

Read more on:

Photo of javascript

javascript

Photo of HTML

HTML

Related news:

News photo

Show HN: Meow – The 4th and final JavaScript runtime and toolchain

News photo

Show HN: GolemUI – Declarative Form Engine

News photo

Show HN: Metaspec: The DpANS3R Common Lisp Spec in S-Expr and HTML Format