• @reinei@lemmy.world
    link
    fedilink
    English
    119 months ago

    Whaat‽ You mean auto downloading and executing foreign JavaScript in a users webpage from some server/CDN I might not even know myself as an ad company could be an attack vector? Never!

    (This mostly for those people who may not know that some [most? Dunno don’t have a source for this] ad networks literally allow advertisers to inject small chunks of html into pages for “more interactive/better ads”!!)

    • @_dev_null@lemmy.zxcvn.xyz
      link
      fedilink
      English
      39 months ago

      executing foreign JavaScript

      This is a great point I try to convey to my less-technical friends and family. Looking at a webpage is not like changing the channel on a tv of old. Looking at a webpage pulls code from who knows where and executes it on your local machine.

      These advertisers expect that I should blindly trust them to execute code on my cpu, in my memory, on my machine? Yeah fuck that, it’s a privilege. I don’t invite every hobo walking by to come into my house and take a shit in my toilet.

      If they don’t like that not everyone executes their syphilis-ridden javascript, then they should put their shit behind a paywall. But they won’t, since they know they don’t have a product worth paying for.