Author Topic: Vulnerabilities of markdown desktop apps (Electron framework) vs classical (Read 2760 times)

tudi_x

  • Hero Member
  • *****
  • Posts: 532
Vulnerabilities of markdown desktop apps (Electron framework) versus classical Lazarus desktop apps:
https://statuscode.ch/2017/11/from-markdown-to-rce-in-atom/
Lazarus 2.0.2 64b on Debian LXDE 10

lainz

  • Hero Member
  • *****
  • Posts: 4468
    • https://lainz.github.io/
Re: Vulnerabilities of markdown desktop apps (Electron framework) vs classical
« Reply #1 on: November 25, 2017, 06:44:43 pm »
Vulnerabilities of markdown desktop apps (Electron framework) versus classical Lazarus desktop apps:
https://statuscode.ch/2017/11/from-markdown-to-rce-in-atom/

I hoped to see the word Lazarus somewhere in the article.

Already fixed so what's the problem again?
« Last Edit: November 25, 2017, 06:48:20 pm by lainz »

tudi_x

  • Hero Member
  • *****
  • Posts: 532
Re: Vulnerabilities of markdown desktop apps (Electron framework) vs classical
« Reply #2 on: November 25, 2017, 06:56:02 pm »
The problem, again, is that the concept brings common web security issues to desktop apps.
Some users of these apps are not aware of what lies under the hood.
« Last Edit: November 25, 2017, 06:58:09 pm by tudi_x »
Lazarus 2.0.2 64b on Debian LXDE 10

lainz

  • Hero Member
  • *****
  • Posts: 4468
    • https://lainz.github.io/
Re: Vulnerabilities of markdown desktop apps (Electron framework) vs classical
« Reply #3 on: November 25, 2017, 07:07:01 pm »
That's true. Otherwise such a severe bug would not be discovered.

But it has nothing to do with Lazarus, I think. Lazarus opens .md files as plain text, not even highlighted.

About XSS, we can't compare compiled code with script code. I think that was your point in comparing it with Lazarus: Lazarus can never get an XSS by its nature if you don't include JavaScript or another scripting language in it (PascalScript, Lua, anything).

But if you do?

The same happens for WebView apps on Android: if you enable JavaScript, your code is highlighted with a warning.

But in Lazarus we don't have the benefits of the web world. The web is a double-edged sword.
