- From: Al Gilman <asgilman@access.digex.net>
- Date: Sat, 21 Nov 1998 09:49:42 -0500 (EST)
- To: Lovey@aol.com
- Cc: w3c-wai-ig@w3.org
To follow up on what Lovey@aol.com said:

> A VBScript thingy - but what about today's ruling in favor of Sun
> -vs- MS re: Java and VBS?

The judge's preliminary injunction will (has already) set off a round of vigorous dispute in the press release wars, probably including dissing how secure or vulnerable the other technology is.

But for us there is a serious issue. Security policies that restrict what a script or Applet can do are a form of safety policy. In the area of the DOM there is an analogy, in that there are some additional safety rules that should optionally apply depending on the user interface mode and user. These are things like "always confirm SUBMIT of a form" or "no automatic actions: require user OK to run videos and animations, etc."

The point is that these rules need to be recognized as a class which merits priority over author scripts and applets in access to the controls of the services in the local computing environment which actually _do_ things. This is a class of controllability rules that are applied at user option and which occupy a priority status intermediate between system-wide security practices and page-specific active elements.

There is an analogy between "User wins in a !important contest" which is a policy we have established in CSS2 and a priority which should be given to user-safety rules for action access by scripts and Applets in the layering of dynamic applications over HTML documents.

Al
Received on Saturday, 21 November 1998 09:48:31 UTC
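
The priority layering proposed in the message above, sketched as an added example (not part of the original post and not taken from any DOM or CSS specification). The action names, rule names and the `mediate()` function are hypothetical; the two user rules are the ones the message quotes.

```javascript
// Illustrative only: action names, rule names and mediate() are hypothetical.
const ALLOW = "allow", CONFIRM = "confirm", DENY = "deny";

// Layer 1 (highest priority): system-wide security policy. Constructed sample rule.
const systemSecurity = [
  (req) => (req.action === "file.write" ? DENY : null),
];

// Layer 2: safety rules the user may switch on, taken from the message's examples.
const userSafetyRules = {
  confirmSubmit: (req) => (req.action === "form.submit" ? CONFIRM : null),
  noAutomaticActions: (req) =>
    ["video.play", "animation.start"].includes(req.action) && !req.userInitiated
      ? CONFIRM
      : null,
};

// Layer 3 (lowest priority): the page's script or applet making the request.
// Every request for a local service passes through mediate(); nothing the
// author sets on the request (such as `important`) can skip layers 1 and 2.
function mediate(req, enabledUserRules, askUser) {
  for (const rule of systemSecurity) {
    if (rule(req) === DENY) return { allowed: false, decidedBy: "system" };
  }
  for (const name of enabledUserRules) {
    const rule = userSafetyRules[name];
    if (rule && rule(req) === CONFIRM) {
      // The user's answer is final, whatever the author script asked for.
      return { allowed: askUser(req) === true, decidedBy: "user:" + name };
    }
  }
  return { allowed: true, decidedBy: "author" };
}

// Constructed requests from a page script.
const submit = { action: "form.submit", important: true };
const autoplay = { action: "video.play", userInitiated: false, important: true };
const clicked = { action: "video.play", userInitiated: true };
```

With no user rules enabled the author's request goes through unchanged, which matches the message's point that these rules apply at user option.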