Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#41582 - [elinks] JavaScript support has many known vulnerabilities
Attached to Project:
Community Packages
Opened by Daniel Micay (thestinger) - Sunday, 17 August 2014, 10:20 GMT
Last edited by Eli Schwartz (eschwartz) - Monday, 07 August 2017, 00:00 GMT
Opened by Daniel Micay (thestinger) - Sunday, 17 August 2014, 10:20 GMT
Last edited by Eli Schwartz (eschwartz) - Monday, 07 August 2017, 00:00 GMT
|
DetailsThere are dozens of known and unfixed security holes in SpiderMonkey 1.8.5, so running untrusted code with it isn't going to turn out well. JavaScript support should be left out in these web browsers unless it gets updated to use the maintained SpiderMonkey version. It's not possible for users to make use of this feature securely.
|
This task depends upon
Closed by Eli Schwartz (eschwartz)
Monday, 07 August 2017, 00:00 GMT
Reason for closing: Fixed
Additional comments about closing: elinks 0.13-19
https://www.archlinux.org/todo/remove-js 185-from-the-repos/
Monday, 07 August 2017, 00:00 GMT
Reason for closing: Fixed
Additional comments about closing: elinks 0.13-19
https://www.archlinux.org/todo/remove-js 185-from-the-repos/
I agree that the javascript engines should be updated or disabled.