[Python-talk] [js] Javascript Uber Alles? Is script without the sandbox a good idea?

Ted Roche tedroche at tedroche.com
Mon Jul 2 10:09:18 EDT 2007


Never too early in the week to throw in an incendiary message thread...

I have a lot of concern on the spread of JavaScript everywhere. Like
Lloyd, I usually run with NoScript enabled because I don't need to be
annoyed with dancing jumping animations. It is remarkable how many web
sites will not work right and will fail silently if you do not have
Javascript enabled.

On the other hand, its my understanding when you enable JavaScript that
you are downloading executable content into your browser, that there are
a number of known exploits out there, that there's not a real good way
to vet what's coming in, and there have been problems with javascript
embedded in syndicated ad engines.

It seems that AJAXian interfaces are taking over, and fighting it may be
a lost cause. I, too, appreciate using Javascript snippets to validate
fields, prompt users, and create a richer interactive experience for web
site visitors. But I am concerned about the cost?

Are my concerns justified? Is Javascript more sandboxxed than I've been
lead to believe?

-- 
Ted Roche
Ted Roche & Associates, LLC
http://www.tedroche.com


More information about the Python-talk mailing list