The point of the js engine sandbox is to protect the user in the browser - it's ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		samwillis 3 months ago \| parent \| context \| favorite \| on: Eliminating JavaScript cold starts on AWS Lambda The point of the js engine sandbox is to protect the user in the browser - it's completely redundant on the server. Supply chain attacks are real, but only Deno has tried to fix that through permissions/rules. I don't think anything changes with compile to native on the server.

rafram 3 months ago [–]

Totally disagree. A spec-compliant JS engine has to support the features that allow vulnerabilities like prototype pollution, which can be exploited through user input alone.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact