I was also blaming the OS for not having preemptive multi-tasking? And once we've blamed the OS and the browser... not sure who else is in this equation.
The web developer is not in this equation, because I have no way to know their server hasn't been hacked, and hence even if I trust them personally, anything they send me is explicitly untrusted
I expect the software I use to properly sanitise untrusted inputs, yes
Sure, but still, why blame (only) the browser?
I was also blaming the OS for not having preemptive multi-tasking? And once we've blamed the OS and the browser... not sure who else is in this equation.
The web developer is not in this equation, because I have no way to know their server hasn't been hacked, and hence even if I trust them personally, anything they send me is explicitly untrusted