How does the new yt look from a secure browser?

Like this: (the whole fucking thing is a script)

Just html, body, and script WOW good job yt.
You cannot browse yt without java, and with java you cannot browse it securely. At least there is vid.me:


YouTube uses Polymer, a JavaScript library, not Java.

Polymer uses templates and renders them with JavaScript.

What is this supposed to mean? How is using a modern web stack ‘unsecure’?

JavaScript is code you’re running on your computer that you have no control over (in this situation).

That is, by definition, insecure.

That is the old definition. There is server-side JavaScript, like with Node.js.

Edit: I see your ninja edit.

This…

Server-side JavaScript is fine because it’s not on your computer, but some people don’t want things running on their computer that they can’t control.

@SgtAwesomesauce My point is that most modern web stacks use JavaScript throughout now.

This is fine and I agree with this. However, just because one does not understand how a templating library works doesn’t mean they need to bash it. In this instance, Polymer uses JS to render templates in real time with backend JavaScript and passes this to the client JavaScript.

Edit: This is from their site:

  • Web Components let us extend the browser’s built-in component model—the DOM—rather than bring our own.

  • In combination with HTTP/2 and server push, standard module formats like HTML Imports and ES6 Modules let us declare fine-grained dependencies and efficiently deliver them to the client in optimally cacheable form, without relying on complicated packaging tools and loaders.

  • Service Workers let us build pure web apps that users can access even when their devices are offline or network conditions are poor, whereas previously we might have had to resort to manually installable native or “hybrid” apps.

So using tools that are built into the browser already, using a web standard like HTML Imports, and a JS standard like ES6. People need to stop using the antiquated methodology of “oh it’s JavaScript, I don’t need that”, when in today’s world you do.

Let’s say you download HTML, … a piece of code running on your computer starts reading it and doing stuff depending on what it sees.

This is analogous to CSS or JavaScript.

One of the core features of any browser is that they’re able to do this securely – the functionality of a webpage is limited to the context that browser presents.

Theoretically, with this secure context offering WebGL and video support, one could exploit a driver bug through the browser and gain root on the machine even without JavaScript. IE6 used to crash on an HTML tag at one point. … Not all hacks require JavaScript.
