On Nov 28, 2007 7:06 PM, Douglas A. Tutty <[EMAIL PROTECTED]> wrote: <snip> > > AIUI, enabling JavaScript enables the remote site to run javascript on > your box. It doesn't do any sort of audit of what it will run. So I > would assume tht it can do whatever javascript is capable of. > > Can javascript read my .ssh directory and grab my id_rsa or id_dsa?
Javascript the language can - i.e. you could write a script file in JS instead of Perl. However, JS that is run in a web page is sandboxed. If it could read your files it would be considered a (very) major security flaw in that browser's JS implementation and the news would be all over the tech sites. Cheers, Kelly Clowers -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
