Lorenzo Ancora :verified:

@lorenzoancora@ieji.de

  • GNU Emacs: new critical remote shell injection vulnerability
    Lorenzo Ancora :verified:

    @Suiseiseki maybe I didn't explain myself: the verification of data integrity and correctness happens server-side too, not only client-side.

    JavaScript is also needed to guarantee compatibility with older web browsers which don't support all HTML5 features. In addition, HTML5 forms can check the input for syntactical correctness, but cannot process nor alter collected data.

    JavaScript exists for a good reason. 😅

    Uncategorized news software gnu emacs security hacking terminal linux cve opensource freesoftware

  • GNU Emacs: new critical remote shell injection vulnerability
    Lorenzo Ancora :verified:

    @Suiseiseki verification happens server-side, JavaScript is used for data gathering and preparation. If the JavaScript is maliciously altered by the client, the server simply rejects the request. 🙂


  • GNU Emacs: new critical remote shell injection vulnerability
    Lorenzo Ancora :verified:

    @Suiseiseki web developers must know HTML, CSS, JavaScript and sometimes a language like Python, PHP, Perl, ...

    The law never imposed a specific language, it is superfluous, as JavaScript is and has always been the only way.

    Different solutions would require too much server-side processing and some verifications cannot be implemented server-side, thus requiring JS.


  • GNU Emacs: new critical remote shell injection vulnerability
    Lorenzo Ancora :verified:

    @lispi314 most banks are forced to use JS in order to enforce certain verifications and security policies.

    Online banking has used it for the last decades, in one form or another. You just started to pay more attention to it, like most of us. 😉

    @Suiseiseki @tennoseremel @quasi @lxo


  • GNU Emacs: new critical remote shell injection vulnerability
    Lorenzo Ancora :verified:

    @lispi314 you can disable JavaScript in your browser if you want, but 98% of public websites worldwide depend on JavaScript and will not work or have reduced functionality if it's disabled.

    No webmaster likes to do more work, if we use JS, it means it's necessary. 🙂


  • GNU Emacs: new critical remote shell injection vulnerability
    Lorenzo Ancora :verified:

    @Suiseiseki the exploits you can see and that are published are only a small fraction of the total. Most exploits are sold and then kept secret. 🙂

    @tennoseremel @lxo @lispi314


  • GNU Emacs: new critical remote shell injection vulnerability
    Lorenzo Ancora :verified:

    @lxo web apps for real-time collaboration, social media, video conferencing, online banking, trading, e-learning, auctions, e-commerce and so on, all need client-side JavaScript. It's just a *necessity* to meet the minimum quality standards. 😉

    Internet offers endless variety: if you don't trust a website, the best thing you can do is not to visit it.

    Alex, my social feed stays always open for you, hoping for pleasant conversations in future. Take care. 👋

    CC: @quasi @Suiseiseki @tennoseremel


  • GNU Emacs: new critical remote shell injection vulnerability
    Lorenzo Ancora :verified:

    @lxo no Alexander, even saints met opposition.
    When you don't see much opposition, it only means nobody else thought sharing their informed opinions and discussing honestly with you was worth their time. In other words, that nobody else believed in your ability to think rationally, understand different perspectives and thus improve.

    CC: @quasi @Suiseiseki @tennoseremel


  • GNU Emacs: new critical remote shell injection vulnerability
    Lorenzo Ancora :verified:

    @Suiseiseki iFrames are discouraged by most web dev guidelines, as they can embed malicious remote content, allowing criminals to inject malware, steal information, or conduct fraud, whereas client-side JavaScript is sandboxed within the isolated context of the webpage with same-origin policy restrictions.

    Client-side processing grants improved responsiveness, better privacy and faster loading, also reducing the carbon footprint by avoiding unnecessary web requests.

    CC: @tennoseremel @lxo


  • GNU Emacs: new critical remote shell injection vulnerability
    Lorenzo Ancora :verified:

    @Suiseiseki HTML5 alone cannot replace JavaScript because it lacks the capability to handle events, manipulate the DOM in real-time, or perform asynchronous operations, which are essential for creating dynamic, accessible and interactive pages.

    FastCGI, executing server-side, is computationally more expensive because it requires multiple web requests and can be more vulnerable to remote code execution and misconfigurations than client-side JavaScript.

    CC: @tennoseremel @lxo


  • GNU Emacs: new critical remote shell injection vulnerability
    Lorenzo Ancora :verified:

    @lxo I understand your concerns, but MITRE and CISA's oversight ensures CVE.org's security and integrity. Regular audits, bug reporting programs and frequent updates help mitigate future risks.

    Alexandre, living in irrational fear of interactive webpages isn't healthy. We live only once, mate! 🙂

    I'm currently satisfied and use their services with gratitude. If I had anything to say about their ethics, I would tell them personally.
    I advise you do the same.

    CC: @Suiseiseki @tennoseremel


  • GNU Emacs: new critical remote shell injection vulnerability
    Lorenzo Ancora :verified:

    @lxo you're welcome. If you need a screenshot of something else just ask, I'll gladly use the latest build of Mozilla Firefox on my up-to-date Linux to take a screenshot for you.

    CVE.org is supported by the Cybersecurity and Infrastructure Security Agency (CISA) and by MITRE, a 65-year-old corporation specialized in national defense, financial systems and cybersecurity.
    Its staff has 25 years of experience. If this website isn't safe, we're all doomed. 🙂

    CC: @Suiseiseki, @tennoseremel


  • GNU Emacs: new critical remote shell injection vulnerability
    Lorenzo Ancora :verified:

    @Suiseiseki the scripts do not appear to contain malware:
    https://www.virustotal.com/gui/url/0e7795408fa7cc6e918cbb0526bc804fece03f7b7685bebdc971670910088fea

    https://www.virustotal.com/gui/url/b698d39b69b283657a4120248b211baeeb6be9b9f46a0bf873bfbcb5cbf622ac

    All JavaScript files you've linked to are minified (compressed), not obfuscated. Almost all websites use compression to improve loading times. You can simply use the auto-format of your text editor to read minified scripts with minimal effort.


  • GNU Emacs: new critical remote shell injection vulnerability
    Lorenzo Ancora :verified:

    @Suiseiseki cve.org is popular and safe to use. JavaScript is a web standard that helps ensure compliance with EU safety regulations and accessibility requirements. It is implemented by 97.69% of web browsers and utilized by 98.3% of all public websites. Therefore, its presence on the CVE site is standard practice for modern web functionality.

    Please see: https://ieji.de/@LorenzoAncora/114098428234129692


  • GNU Emacs: new critical remote shell injection vulnerability
    Lorenzo Ancora :verified:

    GNU Emacs: new critical remote shell injection vulnerability.

    Red Hat discovered a command injection flaw in the text editor Emacs. It allows a remote, unauthenticated attacker to execute any command on your computer. The vulnerability is activated when you visit a malicious website or link.

    https://www.cve.org/CVERecord?id=CVE-2025-1244

    ---

    #news #software #gnu #emacs #security #hacking #terminal #linux #cve #opensource #freesoftware

    ---

    Mitigation: uninstall/update immediately.
