this post was submitted on 26 Mar 2026
12 points (92.9% liked)

Linux

16857 readers
7 users here now

Welcome to c/linux!

Welcome to our thriving Linux community! Whether you're a seasoned Linux enthusiast or just starting your journey, we're excited to have you here. Explore, learn, and collaborate with like-minded individuals who share a passion for open-source software and the endless possibilities it offers. Together, let's dive into the world of Linux and embrace the power of freedom, customization, and innovation. Enjoy your stay and feel free to join the vibrant discussions that await you!

Rules:

  1. Stay on topic: Posts and discussions should be related to Linux, open source software, and related technologies.

  2. Be respectful: Treat fellow community members with respect and courtesy.

  3. Quality over quantity: Share informative and thought-provoking content.

  4. No spam or self-promotion: Avoid excessive self-promotion or spamming.

  5. No NSFW adult content

  6. Follow general lemmy guidelines.

founded 2 years ago
MODERATORS
MigratingtoLemmy@lemmy.world
12
Swap web addresses in source: any tricks to share? (lemmy.world)
submitted 4 days ago* (last edited 4 days ago) by j4k3@lemmy.world to c/linux@lemmy.world
8 comments fedilink hide all child comments
 

Going through a bunch of JavaScript I do not trust and it has a ton of web address comments like citations but likely some bad stuff in there too. What could be swapped with the address to instead act as a local tripwire or trap?

Just a mild curiosity for scripting stuff.

you are viewing a single comment's thread
view the rest of the comments
[โ€“] tal@lemmy.today 2 points 4 days ago* (last edited 4 days ago) (1 children)

I'm not really understanding what it is you are concerned about.

If it's that the Javascript might be malicious, then a browser should be able to sandbox it. IIRC

and you probably want to confirm this, if you're actively concerned

the Firefox security model is that if you open a file locally, it has local access, but if you open it from a webserver, it doesn't. Like, Javascript running in your browser downloaded from a web server shouldn't have local filesystem access.

If you want to examine some code, but don't want the code to phone home in some way, I'd remember that at least DNS is probably also a potential side channel. I'd maybe run the stuff in a VM without network access, if I were concerned about that.

[โ€“] j4k3@lemmy.world 1 points 4 days ago

I'm in the process of dismantling software I will never trust or update again and coming across all kinds of sketchy stuff. There is this Python program called Sentry_SDK that is very concerning. Along with several others. It appears to be packaged with most offline AI stuff and is some of the most authoritarian nonsense I have seen. I have air gapped the computer and do not have a package installed like prettier to maybe make the JavaScript readable, and it is enormous. There are many pages that are in the 10k lines plus range.

I already found a place in the back end that is trying to send packets with major obfuscation. The process is preloaded as listening, with every measure taken to prevent discovery of its origin. So that is fun too. I will likely reformat and start over after I have had my fun and saved what I wish to save.