| brousch | http://yro.slashdot.org/story/12/03/17/0142219/websites-can-detect-what-chrome-extensions-youve-installed | 10:42 |
|---|---|---|
| snap-l | I'm so glad we chose Javascript for our web language. :) | 14:01 |
| snap-l | I was worried when we decided to move from PHP to other languages that we'd make the web more secure. ;) | 14:03 |
| rick_h | psh, what security issue is it you've run into? | 14:20 |
| snap-l | See scrollback from brousch | 14:20 |
| rick_h | this isn't anything JS related, just how chrome does extensions | 14:22 |
| jrwren | i'm learning things about python that i'd never thought about before. | 14:27 |
| jrwren | like from module import name <-- what that ACTUALLY does. | 14:27 |
| jrwren | its interesting | 14:27 |
| jrwren | very C like, very java/c# unlike | 14:27 |
| jrwren | gonna be hard to get a buffer overflow in js :) | 14:28 |
| rick_h | jrwren: heh, import magic! | 15:58 |
| snap-l | rick_h: Yes but the extensions are written in JS, correct? | 16:01 |
| rick_h | snap-l: right, js and html, but he's reading your manifest.json file, which is required for the extension. So chrome should just prevent access to that file to the running website | 16:04 |
| snap-l | True, this is a problem with how Chrome handles extensions | 16:04 |
| rick_h | right, and nothing to do with JS security | 16:04 |
| rick_h | :P | 16:04 |
| snap-l | rick_h: I can see this getting worse before it gets better. :) | 16:05 |
| snap-l | Javascript is extremely powerful and very well integrated into the browser. | 16:05 |
| greg-g | don't use chrome :) | 18:16 |
| snap-l | Good evenning | 22:29 |
| rick_h | party | 23:01 |
| snap-l | http://blandvargar.bandcamp.com/ <- And this is why I don't play much black metal | 23:50 |
| snap-l | although this isn't the worst I've heard. | 23:50 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!