On Thu, 29 Aug 2002 15:26, Toni Mueller wrote: > Hello, > > On Thu, Aug 29, 2002 at 12:54:18PM +0800, John Summerfield wrote: > > On Wed, 28 Aug 2002 20:25, Sergio A. Kessler wrote: > > > the perl is _not_ on your machine, it's only in the server, > > > and you can't change it unless you are the administrator. > > > > I control the server and the server _produces_ the js. If you trust the > > perl code, why do you not trust the js it produces? > > in general, allowing JS is a per-client setting that you don't > control from the server. So if the client has to use different > sites and need to trust only your server, he has to go to his > preference settings and turn JS on and off all the time, depending > on the next link he's going to visit (knowingly?). Net result: > JS is only near feasible in an Intranet where you control the > client platforms and the JS injected into the network from > A-Z, and that's probably not the most common situation to begin > with.
I was querying the assertion there is a security problem. You're talking about convenience, another matter. Nothing I said suggests that js should be _required_, only that it should be _available_ for anyone who wants to use it, and that it should be a capability not tied to any browser. I also pointed out that some with js-capable browsers will choose to turn it off, and that browsers that now can't handle js may do so in the future. I have no problem with the notion that js from some sources may be hazardous, but I don't see how js sourced from SL could be thought to be unsafe. -- Cheers John Summerfield Microsoft's most solid OS: http://www.geocities.com/rcwoolley/ ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ------------------------------------------------------- (un)subscribe: http://lists.sourceforge.net/lists/listinfo/sql-ledger-users Archive: http://www.mail-archive.com/[email protected]/
