Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The author made a good point here about running trackers and ad ops (think Google analytics or ad words). I'd guess if you don't run those, it'd just be supply chain attacks that could exfiltrate secrets.

This seems like one of those scenarios where you make different trade offs depending on your threat model. The author's threat model sounds similar to a news site where they track and advertise so they're forced to run semi-trusted js.



Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: