JavaScript: Difference between revisions

Line 23:

**Remote code execution. This is used by hackers and crackers to build [[wikipedia:Botnet|bot-nets]] for [[wikipedia:Ddos#Distributed_DoS|DDoS]] or [[wikipedia:Cryptocurrency|crypto]]-mining, but it's mostly used for [[spyware]] since it can hide more easily.

**[[wikipedia:Sandbox_(computer_security)|Sandbox]] escape. Modern browsers compile JS to native CPU code (see [[wikipedia:Just-in-time_compilation|JIT]]) to improve performance; this introduces a higher risk of sandbox-escape, as the code can more easily find vulnerabilities to manipulate the engine.

About that last point, it's worth noting that tooling, such as [[wikipedia:TypeScript|TypeScript]] and [[wikipedia:ESLint|ESLint]], exist to substantially minimize the likelihood of bugs.

About that last point, it's worth noting that tooling, such as [[wikipedia:TypeScript|TypeScript]] and [[wikipedia:ESLint|ESLint]], exist to substantially minimize the likelihood of [[wikipedia:Software_bug|bugs]].

==Incidents==

@@ Line 23: / Line 23: @@
 **Remote code execution. This is used by hackers and crackers to build [[wikipedia:Botnet|bot-nets]] for [[wikipedia:Ddos#Distributed_DoS|DDoS]] or [[wikipedia:Cryptocurrency|crypto]]-mining, but it's mostly used for [[spyware]] since it can hide more easily.
 **[[wikipedia:Sandbox_(computer_security)|Sandbox]] escape. Modern browsers compile JS to native CPU code (see [[wikipedia:Just-in-time_compilation|JIT]]) to improve performance; this introduces a higher risk of sandbox-escape, as the code can more easily find vulnerabilities to manipulate the engine.
-About that last point, it's worth noting that tooling, such as [[wikipedia:TypeScript|TypeScript]] and [[wikipedia:ESLint|ESLint]], exist to substantially minimize the likelihood of bugs.
+About that last point, it's worth noting that tooling, such as [[wikipedia:TypeScript|TypeScript]] and [[wikipedia:ESLint|ESLint]], exist to substantially minimize the likelihood of [[wikipedia:Software_bug|bugs]].
 ==Incidents==