Javascript can query chrome extensions [1] and much more [2].
[1] - https://browserleaks.com/chrome
[2] - https://browserleaks.com/javascript
This blows my mind. What good reason is there for giving javascript such permissions by default? This should at the minimum trigger an explicit permission request from the user.
alt Hacker News
This blows my mind. What good reason is there for giving javascript such permissions by default? This should at the minimum trigger an explicit permission request from the user.