Re: Spyglass HTML Validator 1.0 Availability

Albert Lunde (Albert-Lunde@nwu.edu)
Fri, 18 Oct 1996 12:11:58 -0500 (CDT)


Message-Id: <199610181711.AA191058718@merle.acns.nwu.edu>
Subject: Re: Spyglass HTML Validator 1.0 Availability
To: www-html@w3.org
Date: Fri, 18 Oct 1996 12:11:58 -0500 (CDT)
In-Reply-To: <199610181503.IAA05433@armenia.it.earthlink.net> from "David Perrell" at Oct 18, 96 07:56:10 am
From: Albert-Lunde@nwu.edu (Albert Lunde)

> > I am not even gonna get into the security questions of JavaScript
> > except to note that this too is gonna be hard to ignore).
> 
> Have there been security problems with JavaScript? I thought JavaScript
> was pretty innocuous, seeing as how it's just human-readable statements
> interpreted by the UA that only affect the display. Are you not
> thinking of Java programs?

There have been security problems with both. JavaScript is worse in
that it doesn't start with a security model; Java at least had
a good low-level security model, though the higher-level
"security manager" was an afterthought. Both Netscape (JavaScript)
and Microsoft (Word Macros, Win NT permissions) seem to
need to hire some more paranoid security review people ;)

-- 
    Albert Lunde                      Albert-Lunde@nwu.edu