Thing is, you can't load javascript code... But you can easily write a mini virt... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

londons_explore on June 1, 2023 | parent | context | favorite | on: More malicious extensions in Chrome Web Store

Thing is, you can't load javascript code... But you can easily write a mini virtual machine to run any code you download from the web. And due to javascripts introspection abilities, that VM can (if the developer wishes) do anything.

The simplest javascript bytecode interpreter is probably only a few hundred bytes, which is easy to hide in a big extension.

rektide on June 1, 2023 [–]

Those sidesteppings are outlawed by the Chrome Web Store policies.

There are JS-in-JS interpreters out there. They're just not allowed. https://github.com/jterrace/js.js/ https://github.com/marten-de-vries/evaljs

Consider applying for YC's Spring batch! Applications are open till Feb 11.
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact