Hacker News
It’s basic self defense. Who runs around the web in 2026 allowing random JS? Might as well be licking seats on the subway.
> Who runs around the web in 2026 allowing random JS?

Within a rounding error, 100% of people on the internet.

It’s a lot higher percentage when you count VPNs with JS filtering, ad blockers, etc.
If you trust your browser it's fine, and if you don't then both CSS and SVG are significantly more risky.
This isn't true at all.

Anything SVG does maliciously, it does by containing JavaScript, so SVG's worst case is a subset of JS's.

Remind me again what the ratio of browser sandbox escapes coupled with full RCE is between JS, CSS, and SVG?
> then both CSS and SVG are significantly more risky.

How???