Archive of UserLand's first discussion group, started October 5, 1998.

Re: Scripting and Promiscuous Browsing

Author:Dori Smith
Posted:2/8/2000; 1:32:14 PM
Topic:Scripting and Promiscuous Browsing
Msg #:14968 (In response to 14966)
Prev/Next:14967 / 14969

has code examples in it so it might be interesting, but the whole premise is silly.

Except it doesn't really have code examples. It has things like "malicious script goes here." Of course, since JavaScript can't read from or write to your hard drive, they never give an example of what that "malicious" script might actually be doing.

And I get another bunch of emails that say "CERT says that JavaScript is a bad thing, so no one should use it, so I'm going to turn it off in my browser and tell everyone else too, also!"

There isn't a single example anywhere in that "advisory" of *anything* that can be done to you with just JavaScript (or VBScript, or any other client-side scripting language). It always needs something on the server side. Now, if they'd said to never surf to anything but static sites they might have a point (an over the top point, but a point). But instead, they said that scripting is BAD, and that users should therefore disable it in their browsers. Oh, and btw, some of the bad things we're talking about don't have anything to do with client-side scripting at all.

I don't agree that this is a MS plot, but there's something very fishy about this, imo.

[Admission of bias and/or reason for claiming to be knowledgeable in this area: I co-authored "JavaScript for the WWW: Visual QuickStart Guide, 3rd edition"]

Dori




This page was archived on 6/13/2001; 4:54:18 PM.

© Copyright 1998-2001 UserLand Software, Inc.