"Douglas A. Tutty" <[EMAIL PROTECTED]> writes: [...]
> So how big is the sandbox? What is the worst that a mal JS could do? I don't know the exact details, but in general JavaScript is limited to accessing its own browser window, the window that created it, any windows it creates, and a few small bits of global state. It should not be able to access anything security sensitive unless it is in one of those windows. So by design, JS is pretty secure. However, most of the security problems you see with JS have to do with implementation bugs. This area seems to be more prone to security bugs than other parts of the Web browser. As with implementation bugs in any application, anything may be possible, depending on the nature of the bug. So, you will have to weigh for yourself the advantages of JS versus the risk of implementation bugs, just as you weigh the advantages of using other applications or application features versus the risk of implementation bugs. Searching Bugtraq or the database at cve.mitre.org can be useful in seeing how prone applications are to implementation errors. Good luck, ----Scott. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
