
Re: execute JS in http response in perl

by Anonymous Monk
on Jul 24, 2012 at 13:19 UTC


in reply to execute JS in http response in perl

It's usually not a good practice for the server to send JS to be blindly executed on the client side. Anyone could send anything and it would be blindly executed on the client side . . .


Re^2: execute JS in http response in perl
by tobyink (Abbot) on Jul 24, 2012 at 14:00 UTC

    Nonsense, this is how all browsers work - they blindly execute incoming scripts. I'm not saying there have never been any security issues doing this, but they've been few and far between. Why? Because the JavaScript environment provided by browsers doesn't expose any potentially harmful system calls. For example, there does not exist a function in browsers' JavaScript APIs which deletes a file from the filesystem.

    Of course, non-browser implementations of JavaScript may expose whatever additional system functionality they like.

    perl -E'sub Monkey::do{say$_,for@_,do{($monkey=[caller(0)]->[3])=~s{::}{ }and$monkey}}"Monkey say"->Monkey::do'
Re^2: execute JS in http response in perl
by moritz (Cardinal) on Jul 24, 2012 at 16:21 UTC

    This is why browsers sandbox the JavaScript they receive from all servers, so that it can't open files from the file system, fork processes, change the browser's GUI etc. These days many browsers even prevent JavaScript from opening new browser windows.

    So when you write Perl code that executes JavaScript, you should make sure it's also sandboxed the same way.
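
The advice in the replies above, as an added example that is not part of the original thread: Perl code that evaluates JavaScript in an interpreter exposing one harmless host function and an operation cap. It assumes the CPAN module JE as the engine (the thread names none); `run_untrusted`, the `log` function and the sample scripts are constructed for illustration.

```perl
use strict;
use warnings;
use JE;    # pure-Perl JavaScript engine from CPAN (assumed to be installed)

# Hypothetical helper: evaluate untrusted JavaScript in a fresh interpreter
# that can reach exactly one host function.
sub run_untrusted {
    my ($js) = @_;
    my @log;

    # max_ops caps the number of operations, so a runaway loop is cut off.
    my $je = JE->new( max_ops => 100_000 );

    # The only capability handed to the script: append text to @log.
    # It touches no files, processes or sockets.
    $je->new_function( log => sub { push @log, join( ' ', map {"$_"} @_ ); return } );

    # JE's eval returns undef and sets $@ on a syntax or runtime error;
    # a JavaScript `undefined` result comes back as a defined JE object.
    my $value = $je->eval($js);
    return { ok => 0, error => "$@", log => \@log } unless defined $value;
    return { ok => 1, value => "$value", log => \@log };
}

# Constructed sample scripts standing in for HTTP response bodies.
my @samples = (
    [ benign   => 'log("sum is", 1 + 2); 1 + 2' ],
    [ file_api => 'deleteFile("example.txt")' ],    # no such function exists here
    [ runaway  => 'while (true) {}' ],              # stopped by max_ops
);

for my $sample (@samples) {
    my ( $name, $js ) = @$sample;
    my $r = run_untrusted($js);
    printf "%-8s ok=%d %s\n", $name, $r->{ok},
        $r->{ok} ? "value=$r->{value}" : "error=$r->{error}";
    print "         log: $_\n" for @{ $r->{log} };
}
```

Every function added with `new_function` widens what a script can do, so each one should be reviewed as if the remote server were calling it directly.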
