begin quoting Gregory K. Ruiz-Ade as of Thu, Apr 12, 2007 at 10:01:42PM -0700: > On Apr 12, 2007, at 5:37 PM, Christian Seberino wrote: > > >The only thing I can see stopping Javascript from taking over the > >world is M$'s slowness to fix compatibility problems in IE. That may > >be enough to sink your favorite technology I'm afraid. Perhaps AJAX > >will work around the problems until IE improves? One can hope. > > AJAX is Asynchronous Javascript And XML. Which makes the above > statement amusing to me, because it's already happening. Most of the > "AJAX libraries" that are available do extensive testing to see what > browser they're running in to select the best (i.e., non-broken) > method for getting something done. So, to an extent, it's already > happening. So, it's a sort of built-in autoconf, eh?
> The problem with Javascript, as Andrew and Stewart will happily point > out, is that there is absolutely _zero_ security model with > Javascript. I'm pretty sure you could have an AJAX app start > uploading random files from your hard drive to a server of your > choosing and the user would be none the wiser unless you completely > tanked his/her bandwidth. Even then, they'd be puzzling over why > everything is so slow. I believe that security in Javascript is pretty ad-hoc -- I do not believe that you can (anymore, that is) have a Javascript program upload random files from your hard drive, at least not trivially. Security is getting better -- shoot, even my evil javascript page doesn't cause heartburn anymore, and it used to be capable of crashing a Linux box -- but the assurances haven't changed: "It works fine for me, what's your problem? Are you a paranoid luddite or something?" > I need to break out my Javascript book and see just what you can do > without needing to ask permission via the browser... I should probably pick up a Javascript book and set about devising a new and improved evil javascript page. -- I should probably start with an enumeration of all objects in the system. Stewart Stremler -- [EMAIL PROTECTED] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
