Re: Initial Draft Finding on Principle of Least Power

From: Mark Baker <distobj@acm.org>
Date: Thu, 22 Dec 2005 15:53:27 -0500
Message-ID: <c70bc85d0512221253g18c526a6j1f3a878a64dc3414@mail.gmail.com>
To: Bill de hÓra <dehora@eircom.net>
Cc: www-tag@w3.org

On 12/22/05, Bill de hÓra <dehora@eircom.net> wrote:
> I've been following this thread, and believing myself to be in the target
> audience for such principles. I guess my question is this: why would I
> follow this principle?

I was thinking the same thing too, and noticed that - just to pick one
important consideration - there's no discussion of the security
implications of Turing-complete or near-Turing-complete languages.

As a topical example, JSON[1] - a subset of JavaScript used as a data
exchange format for many "AJAX" apps - is generating a lot of buzz,
and there's been some issue with some consumers simply eval()-ing JSON
data[2][3], despite the fact that what's exchanged could be arbitrary
JavaScript, with all the security implications that entails.

Some food for thought...

 [1] http://www.crockford.com/JSON/
 [2] http://www.crockford.com/JSON/js.html
 [3] http://en.wikipedia.org/wiki/JSON

Mark Baker.  Ottawa, Ontario, CANADA.       http://www.markbaker.ca
Coactus; Web-inspired integration strategies  http://www.coactus.com
Received on Thursday, 22 December 2005 20:55:28 UTC
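
The eval() concern raised in the message above, as an added example that is not part of the original post: the same received text is handed once to eval() and once to JSON.parse (the JSON-only parser built into current JavaScript engines). The sample payloads and the names recordSideEffect, consumeWithEval, consumeWithParser and compare are constructed for illustration.

```javascript
// Constructed sample inputs (not taken from the thread).
const WELL_FORMED = '{"user": "alice", "roles": ["editor"]}';
// A valid JavaScript expression that is NOT JSON: evaluating it calls a function.
const NOT_JUST_DATA =
  '{"user": "alice", "roles": [recordSideEffect("ran during eval")]}';

// Harmless stand-in for "arbitrary JavaScript": it only records that it ran.
const sideEffects = [];
function recordSideEffect(note) {
  sideEffects.push(note);
  return "editor";
}

// The consumer pattern the message describes: the text is treated as
// JavaScript source, so any expression inside it is executed.
function consumeWithEval(text) {
  return eval("(" + text + ")");
}

// A parser for the data grammar only: anything beyond literals, arrays and
// objects is rejected before it can run.
function consumeWithParser(text) {
  try {
    return { ok: true, value: JSON.parse(text) };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// Run both consumers over the same text and report what happened.
function compare(text) {
  sideEffects.length = 0;
  const evaluated = consumeWithEval(text);
  const ranCode = sideEffects.length > 0;
  return { evalRoles: evaluated.roles, ranCode, parsed: consumeWithParser(text) };
}

for (const [label, text] of [["well-formed", WELL_FORMED], ["not just data", NOT_JUST_DATA]]) {
  const r = compare(text);
  console.log(label, "| eval ran embedded code:", r.ranCode,
              "| parser accepted:", r.parsed.ok);
}
```

Both consumers return the same object for the well-formed text; only the second input separates them, because eval() accepts the whole language while the parser accepts only the data subset.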