I'm a Systems Reliability and DevOps engineer for Netdata Inc. When not working, I enjoy studying linguistics and history, playing video games, and cooking all kinds of international cuisine.
You don't necessarily need to be able to run scripts to engage in malicious activities. Keylogging can be done using just HTML and CSS (though it requires special processing server-side to work), and it's absolutely possible to do any number of nasty things with carefully crafted text or embedded objects (images, videos, etc). The likelihood of persistently infecting a user's computer through such an attack is really low, but it's still theoretically possible, and it's absolutely possible to do drive-by attacks that crash the browser or possibly even the whole system.
Welp, I completely forgot custom content (images, videos, links, ...). I guess commenting when you just got up really isn't the best idea. Thanks for clearing it up though, I'm just gonna run head first into a wall because I didn't think of it when writing the comment
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
You don't necessarily need to be able to run scripts to engage in malicious activities. Keylogging can be done using just HTML and CSS (though it requires special processing server-side to work), and it's absolutely possible to do any number of nasty things with carefully crafted text or embedded objects (images, videos, etc). The likelihood of persistently infecting a user's computer through such an attack is really low, but it's still theoretically possible, and it's absolutely possible to do drive-by attacks that crash the browser or possibly even the whole system.
Welp, I completely forgot custom content (images, videos, links, ...). I guess commenting when you just got up really isn't the best idea. Thanks for clearing it up though, I'm just gonna run head first into a wall because I didn't think of it when writing the comment