There is a difference. JS is turing complete, pure HTML is far from (as far as I... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

anyfoo on May 13, 2025 | parent | context | favorite | on: Branch Privilege Injection: Exploiting branch pred...

There is a difference. JS is turing complete, pure HTML is far from (as far as I'm aware). So HTML might (!) well be restricted enough to not be able to carry out such an attack.

But I'd never state to definitively, as I don't know enough about what HTML without JS can do these days. For all I know there's a turing tarpit in there somewhere...

nine_k on May 13, 2025 [–]

CSS3 is Turing-complete, but creating an exploit using just it would be... quite a feat.

With JS or WASM, it's much more straightforward.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact