09-15-2025, 05:47 AM
|
#1 |
|
Still reading
  
Posts: 14,759
Karma: 109269703
Join Date: Jun 2017
Location: Ireland
Device: All 4 Kinds: epub eink, Kindle, android eink, NxtPaper
|
Javascript risks?
Do ereaders (that have a browser) and apps (all apps, any platform) that support Javascript need a setting that disables it? Or at least by default sandboxes if to only allow resources in the file? Or disable it always in an svg?
Javascript Trojans in svg images |
|
|
|
09-15-2025, 07:50 AM
|
#2 |
|
creator of calibre
Posts: 45,558
Karma: 28548962
Join Date: Oct 2006
Location: Mumbai, India
Device: Various
|
ebook readers dont share cookies/local storage data with your browser. So unless you have actually logged into facebook or whatever the site in question is using your ebook reader software, this class of attack does not apply. Indeed, I doubt the attack applies even with regular browsers because nowadays most websites implement CSRF and other mitigations for precisely this sort of thing.
|
|
|
|
| Advert | |
|
|
|
09-15-2025, 08:58 AM
|
#3 | |
|
Still reading
Posts: 14,759
Karma: 109269703
Join Date: Jun 2017
Location: Ireland
Device: All 4 Kinds: epub eink, Kindle, android eink, NxtPaper
|
Quote:
Actually a lot of malware / attacks are less dangerous than headlines or reporting suggest. But really 3rd party scripts and especially adverts that use 3rd party scripts are the biggest risk on browsers. I don't block adverts but I do block 3rd party scripts. Chrome / Chromium seems determined to cripple that. However, someone may get more creative with js in svg. |
|
|
|
|
|
09-15-2025, 10:01 AM
|
#4 |
|
Grand Sorcerer
Posts: 28,808
Karma: 206879174
Join Date: Jan 2010
Device: Nexus 7, Kindle Fire HD
|
Not technically an ereader, but Sigil's default behavior is to not allow javascript functionality (nor access all remote resource types) in epubs. The user can then override those two settings in the preferences if they so choose.
|
|
|
|
|
09-15-2025, 11:22 AM
|
#5 | |
|
Still reading
Posts: 14,759
Karma: 109269703
Join Date: Jun 2017
Location: Ireland
Device: All 4 Kinds: epub eink, Kindle, android eink, NxtPaper
|
Quote:
Last edited by DiapDealer; 09-15-2025 at 12:29 PM. |
|
|
|
|
| Advert | |
|
|
|
Yesterday, 05:56 PM
|
#6 |
|
Custom User Title
Posts: 11,246
Karma: 77935877
Join Date: Oct 2018
Location: Canada
Device: Kobo Libra H2O, formerly Aura HD
|
Calibre did have a glitch for a while where an iFrame in a ePub might unexpectedly open a website in browser without user interaction.
I reported this as a security bug because I thought that this could be used to redirect users to malicious websites. Kovid disagreed, but fixed it anyways because it was annoying behaviour. |
|
|
|
|
Today, 04:57 AM
|
#7 |
|
Still reading
Posts: 14,759
Karma: 109269703
Join Date: Jun 2017
Location: Ireland
Device: All 4 Kinds: epub eink, Kindle, android eink, NxtPaper
|
Kovid is totally brilliant, but no-one is always right.
|
|
|
|
 |
«
Previous Thread
|
Next Thread
»
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| What are the risks of drag/drop and in which cases? | repilo | Sigil | 18 | 09-16-2023 02:04 PM |
| Are there any risks of information loss when converting formats? | elPedr0 | Conversion | 3 | 11-08-2022 02:13 AM |
| Risks of Leaving Content Server On | Sydney's Mom | Calibre | 4 | 09-25-2016 07:19 PM |
| Risks of bricking a paperwhite. | Griloz | Kindle Developer's Corner | 5 | 05-05-2013 09:47 PM |
| RISKS Digest | womar | Recipes | 1 | 02-13-2011 10:00 AM |
All times are GMT -4. The time now is 08:41 PM.