Imagine if wikipedia was a native app, what this vuln would have caused. I for one prefer using stuff in the browser where at least it's sandboxed. Also, there's nothing stopping you from disabling JS in your browser.
Imagine if wikipedia was a native app, what this vuln would have caused. I for one prefer using stuff in the browser where at least it's sandboxed. Also, there's nothing stopping you from disabling JS in your browser.
If it was a native app it wouldn't be grabbing one of the hosted files and running it as code.
Have you never seen a native app's auto-update get hijacked by malware? It happened (yet again) last month [0]
Tons of native apps also have plugins or addons, which (surprise surprise) is just code downloaded from some central repo, and run with way less sandboxing than JS.
[0] https://www.bleepingcomputer.com/news/security/notepad-plus-...
Wikipedia should be straight hypermedia. Simple.