in reply to Re^2: Pass hard coded param CGI post
in thread Pass hard coded param CGI post

nearly all client-side Web security exploits in the modern era have depended 100% on JavaScript to run[citation needed]

Replies are listed 'Best First'.
Re^4: Pass hard coded param CGI post
by jcb (Vicar) on Jun 30, 2020 at 02:20 UTC

    Then provide some counterexamples. Even Internet Explorer (as far as I know, the only browser to ever be exploitable with only plain HTML) had those problems only in the late 1990s. All of the recent exploits I remember off the top of my head have been JavaScript JIT bugs.

      Just dog piling IE: it was exploitable at one time or another in every conceivable way, including a character set attack.