[英]Is Secure Javascript Code Possible in Modern Browsers
Modern Javascript produces libraries such as OpenPG.js, Crypto-js, with other supporting server side technologies such as Dart and Node. 现代Javascript使用其他支持的服务器端技术(例如Dart和Node)生成诸如OpenPG.js,Crypto-js之类的库。 Is it now possible to deliver secure javascript client side? 现在可以提供安全的JavaScript客户端了吗?
No! 没有! You should never trust the browser since it cannot and will not protect your interests. 您永远不要信任浏览器,因为它不能也不会保护您的利益。 I highly recommend you to read following articles that explain the whys: 我强烈建议您阅读以下说明原因的文章:
https://tonyarcieri.com/whats-wrong-with-webcrypto http://blog.zuehlke.com/en/why-is-xss-apache-cordovas-worst-enemy/ https://tonyarcieri.com/whats-wrong-with-webcrypto http://blog.zuehlke.com/cn/why-is-xss-apache-cordovas-worst-enemy/
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.