oss-sec mailing list archives
Re: Is third party javascript on a login page considered dangerous?
From: Jan Engelhardt <jengelh () inai de>
Date: Tue, 1 Nov 2022 12:53:36 +0100 (CET)
On Monday 2022-10-31 10:16, Georgi Guninski wrote:
In short, is third party javascript on a login page considered dangerous?
Any code should be treated as potentially dangerous. The less you have overall, the better. I do not see why a login page of all things needs code. Input form, fields for username / password / other authentication tokens, a submit button. Boom, done. If there is a REST interface or somesuch, authentication tokens are also provided at once when a client makes a request (i.e. with no code execution apriori) - so why would your login page need any.
Current thread:
- Is third party javascript on a login page considered dangerous? Georgi Guninski (Oct 31)
- Re: Is third party javascript on a login page considered dangerous? Brandon Perry (Oct 31)
- Re: Is third party javascript on a login page considered dangerous? Jan Engelhardt (Nov 01)
- Re: Is third party javascript on a login page considered dangerous? Solar Designer (Nov 01)