Re: Spyglass HTML Validator 1.0 Availability

Albert Lunde (
Fri, 18 Oct 1996 12:11:58 -0500 (CDT)

Message-Id: <>
Subject: Re: Spyglass HTML Validator 1.0 Availability
Date: Fri, 18 Oct 1996 12:11:58 -0500 (CDT)
In-Reply-To: <> from "David Perrell" at Oct 18, 96 07:56:10 am
From: (Albert Lunde)

> > I am not even gonna get into the security questions of JavaScript
> > except to note that this too is gonna be hard to ignore).
> Have there been security problems with JavaScript? I thought JavaScript
> was pretty innocuous, seeing as how it's just human-readable statements
> interpreted by the UA that only affect the display. Are you not
> thinking of Java programs?

There have been security problems with both. JavaScript is worse in
that it doesn't start with a security model; Java at least had
a good low-level security model, though the higher-level
"security manager" was an afterthought. Both Netscape (JavaScript)
and Microsoft (Word Macros, Win NT permissions) seem to
need to hire some more paranoid security review people ;)

    Albert Lunde