- From: F. E. Potts <fepotts@fepco.com>
- Date: Fri, 18 Oct 1996 11:37:38 -0600
- To: davidp@earthlink.net
- Cc: www-html@w3.org
On Fri, 18 Oct 1996 08:56:10 -0600, David Perrell wrote: > Have there been security problems with JavaScript? I thought > JavaScript was pretty innocuous, seeing as how it's just > human-readable statements interpreted by the UA that only affect the > display. Are you not thinking of Java programs? Yes, there have been problems with JavaScript: http://www-genome.wi.mit.edu/WWW/faqs/wwwsf7.html#Q61 http://www.osf.org/~loverso/javascript/ While some of the problems associated with JavaScript have been fixed, others have not, and new ones are waiting to be found. To me, JavaScript is about as buggy as Sendmail, and needs to be treated with equal care. As a result of all this, it has become a matter of course among many who are responsible for a network's security to forbid the use of JavaScript (along with Java and ActiveX) when it comes from the public side of the firewall. It is also one of the reasons why I find using JavaScript in place of regular style-sheets a disturbing trend. HTTP is becoming one of the new avenues of choice for getting through a firewall, and it is a dream for social engineers. -fep -- fepotts@fepco.com http://www.fepco.com/
Received on Friday, 18 October 1996 13:37:26 UTC