Adam, thanks for your thoughts and concerns. I posted because I realy do want to know. Would like to hear from others as well.
At the surface I don't see anything a web page could do in my js centered model, e.g. sticking variables in window.eb$, that it couldn't already do straight away by fiddling with document.cookie or document.location or document.forms[0].action or any of those things, so it seems all the same to me, but as you say, correctly, we really have to give this a lot of thought before taking even a small step in that direction. Have to be convinced it won't open up any new loopholes. I know what you mean about browser being the main point of entry for hackers, though now it might be phishing emails. Ten years ago my wife's Explorer was hijacked, and she was looking at my web site which I wrote, and seeing all sorts of hyperlinks that weren't there, links that I didn't put in, links her hijacked browser was creating out of thin air, to direct her to other websites. Twas one of my biggest WTF moments. It made me sick and she's never been on windows since, which solves most of the problem but yes I know what you mean. Karl Dahlke _______________________________________________ Edbrowse-dev mailing list [email protected] http://lists.the-brannons.com/mailman/listinfo/edbrowse-dev
