12-30-2016, 10:08 AM   #5
chrisridd
Guru
Posts: 982
Karma: 2209358
Join Date: Nov 2011
Location: London, UK
Device: Kobo Aura, Kobo Aura ONE, PocketBook InkPad Color 3
Quote:
Originally Posted by JSWolf
I've always thought that javascript inside an eBook was a rather bad idea. It's a book, not a computer program.
Yes, Javascript is clearly a significant attack vector. I guess the JS engine can be restricted to only have read access to the filesystem (or no access) and similarly no access to the network, and then you need to prevent resource exhaustion type attacks.

But even plain old XML can also be abused in interesting ways. XML External Entities (e.g. "billion laughs") and XIncludes....
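An added example, not part of the original post: a Python pre-scan a reading app or library tool could run over an EPUB's XML members to flag entity declarations and XInclude elements before any full parse. The function names, the size cap and the sample book are assumptions constructed for illustration; parsing stops at the end of the DOCTYPE once an entity is declared, so no entity reference is ever expanded.

```python
import io
import zipfile
from xml.parsers import expat

XINCLUDE_NS = {"http://www.w3.org/2001/XInclude", "http://www.w3.org/2003/XInclude"}
XML_SUFFIXES = (".xhtml", ".html", ".opf", ".ncx", ".xml", ".svg")
MAX_MEMBER_BYTES = 5 * 1024 * 1024  # assumed per-file cap against oversized members
class _Stop(Exception): pass  # raised to abandon a document that is already flagged

def scan_xml(data):
    """Return findings for one XML document without expanding any entity."""
    findings = []
    parser = expat.ParserCreate(namespace_separator=" ")
    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        findings.append(("external" if system_id or public_id else "internal") + "-entity:" + name)
    def on_doctype_end():
        if findings: raise _Stop  # entities declared: never reach the document body
    def on_start(tag, attrs):
        ns, _, local = tag.rpartition(" ")
        if ns in XINCLUDE_NS and local == "include":
            findings.append("xinclude:" + attrs.get("href", ""))
    parser.EntityDeclHandler, parser.EndDoctypeDeclHandler = on_entity, on_doctype_end
    parser.StartElementHandler = on_start
    try:
        parser.Parse(data, True)
    except _Stop: pass
    except expat.ExpatError as exc:
        findings.append("malformed:" + expat.ErrorString(exc.code))
    return findings

def scan_epub(blob):
    """Map each flagged XML member of an EPUB (zip bytes) to its findings."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in (i for i in zf.infolist() if i.filename.lower().endswith(XML_SUFFIXES)):
            if info.file_size > MAX_MEMBER_BYTES:
                report[info.filename] = ["oversized"]
            elif hits := scan_xml(zf.read(info)):
                report[info.filename] = hits
    return report

def build_sample_epub():  # constructed sample, not a real book
    docs = {
        "OEBPS/ch1.xhtml": b"<html><body><p>plain</p></body></html>",
        "OEBPS/ch2.xhtml": b'<!DOCTYPE html [<!ENTITY a "ha"><!ENTITY b "&a;&a;"><!ENTITY x SYSTEM "file:///constructed/path">]><html>&b;</html>',
        "OEBPS/ch3.xhtml": b'<html xmlns:xi="http://www.w3.org/2001/XInclude"><xi:include href="constructed.txt"/></html>',
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in docs.items():
            zf.writestr(name, body)
    return buf.getvalue()
```

A standard XHTML DOCTYPE with only a public identifier declares no entities and is not flagged; a book that legitimately declares its own entities would need manual review.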