Thread: Javascript risks?
View Single Post
Old 09-15-2025, 09:58 AM   #3
Quoth
Still reading
Quoth ought to be getting tired of karma fortunes by now.Quoth ought to be getting tired of karma fortunes by now.Quoth ought to be getting tired of karma fortunes by now.Quoth ought to be getting tired of karma fortunes by now.Quoth ought to be getting tired of karma fortunes by now.Quoth ought to be getting tired of karma fortunes by now.Quoth ought to be getting tired of karma fortunes by now.Quoth ought to be getting tired of karma fortunes by now.Quoth ought to be getting tired of karma fortunes by now.Quoth ought to be getting tired of karma fortunes by now.Quoth ought to be getting tired of karma fortunes by now.
 
Quoth's Avatar
 
Posts: 15,182
Karma: 111120239
Join Date: Jun 2017
Location: Ireland
Device: All 4 Kinds: epub eink, Kindle, android eink, NxtPaper
Quote:
Originally Posted by kovidgoyal View Post
ebook readers dont share cookies/local storage data with your browser. So unless you have actually logged into facebook or whatever the site in question is using your ebook reader software, this class of attack does not apply. Indeed, I doubt the attack applies even with regular browsers because nowadays most websites implement CSRF and other mitigations for precisely this sort of thing.
TBH, I'd worry more about some iOS and especially Android epub apps. Many epub Apps I've looked at on Android seem to be rubbish.

Actually a lot of malware / attacks are less dangerous than headlines or reporting suggest. But really 3rd party scripts and especially adverts that use 3rd party scripts are the biggest risk on browsers. I don't block adverts but I do block 3rd party scripts. Chrome / Chromium seems determined to cripple that.

However, someone may get more creative with js in svg.
Quoth is offline   Reply With Quote