Direct Source VS Open Source (100% JavaScript single page mobile browser extension +GAS +espruino)

[TelepathyConspiracy]

So there could quite plausibly be some esoteric sequence of WebAssembly instructions that will manipulate JavaScript virtual machine into accessing the data on the hard drive.

I'm really not interested in wasting my time with abusive people like you, don't bother responding until you have a clickable link that allows an iframe to access your local hard drive without me explicitly giving permission... Otherwise admit what you're doing and reform

[teo123]

So there could quite plausibly be some esoteric sequence of WebAssembly instructions that will manipulate JavaScript virtual machine into accessing the data on the hard drive.

I'm really not interested in wasting my time with abusive people like you, don't bother responding until you have a clickable link that allows an iframe to access your local hard drive without me explicitly giving permission... Otherwise admit what you're doing and reform

Nobody is claiming that's possible in modern browsers. That's very unlikely, and that's why modern browsers allow JavaScript to be executed from hard-drive without the explicit user permission. You are constantly straw-manning me and it's very difficult to discuss with you. It was possible in IE4-era if you run JavaScript from the hard-drive to corrupt the file system. Now, would iframing that JavaScript somehow prevent it from doing that? Well, I haven't really tried, but it sounds like magic to me. I don't know how IE4 implemented iframes (or if it did at all), but I fail to see how it could possibly help. Something like that should be impossible on modern operating systems, that a bug in a browser makes it possible for malicious JavaScript to corrupt the file system, but it was possible back then. That was really as much as a bug in the operating system as it was in the browser. Prediction that such bugs might exist was why early versions of Internet Explorer did not allow JavaScript from the hard-drive to be executed without user permission, and, for about the same reason, modern browsers do not allow WebAssembly to be executed from the hard-drive.

[TelepathyConspiracy]

Well, I haven't really tried, but it sounds like magic to me.

Idk why it can't be a simple logic of V8 that keeps track of everything inside the iframe and declare everything not defined by the program as undefined like normal...

Why don't you write a web assembly sandbox compiler as if V8 but have it recognize your preferred language?

[teo123]

Well, I haven't really tried, but it sounds like magic to me.

Idk why it can't be a simple logic of V8 that keeps track of everything inside the iframe and declare everything not defined by the program as undefined like normal...

Why don't you write a web assembly sandbox compiler as if V8 but have it recognize your preferred language?

Once again, you have a pie-in-the-sky idea how those things work. V8 is a compiler. It emits machine code. There is no "simple logic" that will enable it to control what the machine code it emits does depending on whether it's in a iframe or not.

[TelepathyConspiracy]

Well, I haven't really tried, but it sounds like magic to me.

Idk why it can't be a simple logic of V8 that keeps track of everything inside the iframe and declare everything not defined by the program as undefined like normal...

Why don't you write a web assembly sandbox compiler as if V8 but have it recognize your preferred language?

Once again, you have a pie-in-the-sky idea how those things work. V8 is a compiler. It emits machine code. There is no "simple logic" that will enable it to control what the machine code it emits does depending on whether it's in a iframe or not.

So where do if statements arrive on the scene because that seems to be all that is needed if you're excluding everything not within the direct path to the iframe... How about you prove it's more than that than just social engineering... Social engineering is not a argument.

[teo123]

Idk why it can't be a simple logic of V8 that keeps track of everything inside the iframe and declare everything not defined by the program as undefined like normal...

Why don't you write a web assembly sandbox compiler as if V8 but have it recognize your preferred language?

Once again, you have a pie-in-the-sky idea how those things work. V8 is a compiler. It emits machine code. There is no "simple logic" that will enable it to control what the machine code it emits does depending on whether it's in a iframe or not.

So where do if statements arrive on the scene because that seems to be all that is needed if you're excluding everything not within the direct path to the iframe... How about you prove it's more than that than just social engineering... Social engineering is not a argument.

I don't understand what you mean. What I meant was this: suppose there is a bug (quite an unlikely one, but let's use this as an example) causing V8 to, for some WebAssembly instruction, emit the "int 19h" instruction. Now, "int 19h" instruction traps into BIOS and it causes the computer to reboot without the operating system properly shutting down. In WebAssembly inside an iframe, there is WebAssembly that causes V8 to output such machine code containing the "int 19h" instruction. How can an "iframe" actually help in that case? It can't, obviously.

[TelepathyConspiracy]

Idk why you should expect the whole suite of functions if you're iframed... BIOS commands would be undefined

[teo123]

Idk why you should expect the whole suite of functions if you're iframed... BIOS commands would be undefined

No, they won't be "undefined" in any sense. You don't understand how it works at all. On modern OS-es, if a script manages to manipulate the JavaScript engine into executing the "int 19h" command, it will probably only lead to the browser (not just your web-page) crashing. On ancient OS-es, it will lead to the entire OS crashing.

[teo123]

Idk why you should expect the whole suite of functions if you're iframed... BIOS commands would be undefined

"int 19h" is not a function. It's an instruction. You have no idea how it works.

[teo123]

I mean, what you are saying is not even wrong. I cannot think of a way one or two misconceptions could lead you to think that iframing WebAssembly would make it safe to run directly from the hard drive. You realize "undefined" is a JavaScript term, that "undefined" does not exist in machine code or assembly or most programming languages?