oss-sec mailing list archives

Re: Is third party javascript on a login page considered dangerous?

From: Jan Engelhardt <jengelh () inai de>
Date: Tue, 1 Nov 2022 12:53:36 +0100 (CET)

On Monday 2022-10-31 10:16, Georgi Guninski wrote:

In short, is third party javascript on a login page considered dangerous?


Any code should be treated as potentially dangerous.
The less you have overall, the better.
I do not see why a login page of all things needs code.

Input form, fields for username / password / other authentication 
tokens, a submit button. Boom, done. If there is a REST interface or 
somesuch, authentication tokens are also provided at once when a client 
makes a request (i.e. with no code execution apriori) - so why would 
your login page need any.

Current thread:

Is third party javascript on a login page considered dangerous? Georgi Guninski (Oct 31)
- Re: Is third party javascript on a login page considered dangerous? Brandon Perry (Oct 31)
- Re: Is third party javascript on a login page considered dangerous? Jan Engelhardt (Nov 01)
  - Re: Is third party javascript on a login page considered dangerous? Solar Designer (Nov 01)