optimistx
Assume:
1) A programmer has written an HTML page with JavaScript code, which is
loaded to and executed in the client's computer.
2) The http-server, which is sending the page, does not execute php, does
not use ajax, does not use passwords, has sql-files (=the most typical
server serving simple pages to clients). http-get-requests are used.
I cannot imagine how the client could damage the server, if the loaded page
allows the client to execute any javascript code without any checking, e.g.
with eval. E.g. there could be a textarea, which the client can fill with
any js code imaginable and the contents are eval'd in the client's computer.
Would this be a security risk for the server? Or for the client so that the
client could blame the programmer?