Yes, I was just adding to your comment. Just pointing out that there is a patter... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

cryptica on Jan 11, 2016 | parent | context | favorite | on: TrendMicro Node.js HTTP server listening on localh...

Yes, I was just adding to your comment. Just pointing out that there is a pattern of people blaming JS even though it's not related at all to the problem. The same vulnerability would have existed regardless of whether the code was written in Python, Go, C, Erlang, Haskell, PHP or Scala... This is a logic error - Not something that a compiler would pick up.

PeCaN on Jan 12, 2016 | [–]

In Haskell or Scala you could quite easily structure the code such that concatenating strings from different sources like that would be a compile error.

DonaldFoss on Jan 12, 2016 | [–]

This is a massive design flaw, not a logic error. While I applaud the use of API's for modular design and communication, this is the wrong place for it.

Join us for AI Startup School this June 16-17 in San Francisco!
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact