@MiffTheFox said:
@Jaime said:From here
@Douglas Crockford said:The ++ (increment) and -- (decrement) operators have been known to contribute to bad code by encouraging excessive trickiness. They are second only to faulty architecture in enabling to viruses and other security menaces. Also, preincrement/postincrement confusion can produce off-by-one errors that are extremely difficult to diagnose.God forbid a user find a way to inject code into something that runs... on their own system...
Unless he's one of those people who don't validate input coming from client-side JavaScript or user Node.js.
Never heard of an XSS attack then?
If you can inject JS onto a page and can get someone else to visit such an injected page, you've just injected code onto _their_ computer. Such code could steal cookies, perform website actions with their account, etc... Remember the days of MySpace worms?