SWAT Redesign for Testing

Christopher R. Hertel crh at ubiqx.mn.org
Tue Apr 19 17:47:41 GMT 2005


On Tue, Apr 19, 2005 at 12:18:05PM -0500, Deryck Hodge wrote:
:
> I realize, though, that sometimes people don't choose to enable
> Javascript.  I don't believe security fears are founded on much today --

I just hate the popups.  :)

I do see security as an issue, but then I'm still working at an
institution with tens of thousands of Internet-exposed workstations
running all sorts of browsers and operating systems, and my job brings me
in contact with the network security staff on a regular basis.  I hear 
things...

In general, I see web scripting languages as a security, privacy, and
compatibility issue--it's remote code executing on your local machine and
it's a foreign entity making decisions and controlling (a portion of) your
desktop...but that's only part of my thinking.  There are also the
accessibility concerns which, I believe, may be even more significant in 
this case.

> all current browsers (back to at least '98-99) run Javascript in a
> sandbox and only make certain browser elements available to scripts via
> the DOM, Javascript has no file I/O capabilities, etc -- however, I

The sandboxes have been cleaned up but, like anything else that faces the 
Internet, there are possibilities for buffer overruns, etc.

> respect people's right to use a browser as they see fit.  So I make sure
> that all necessary functionality still works if Javascript is not enabled.

That last is the key.  Thanks for that.

> So, while I don't worry about the security of Javascript, I respect a
> user's right to use a browser as they see fit.  I wouldn't use an
> onclick to submit such an important request because without Javascript,
> the user would have no way to select the additional parameters.  I do
> think that something along the lines of
> 
> |   Current view is <B>basic</B>.  Switch to [Advanced]
> |
> 
> is acceptable, whether [Advanced] is a button or a link or whatever.

Works for me.

> I don't, however, have a problem with the Javascript-enabled version of
> SWAT having more advanced functionality.  For example, the help menu is
> much more attractive and functional in a Javascript-enabled browser.  My
> assumption is that if you're regularly turning off Javascript, you're
> used to limited/different functionality.

That, to me, is an acceptable trade-off.  I personally wish Javascript and
ActiveX had never happened but, if they've got any valid place at all, it
would be for gussying up an otherwise working web page.

> At least, this is the logic I'm following, which seems reasonable to me.

I can cope.  :)
I think it's a workable approach and acceptable compromise.

> | PS.  Deryck:  would you be willing to remove the target="opennew" tags
> |      from the links on your Screenshot Tour page?  Thanks...
> |
> PSS.  Sure. :-)

Thanks.  I'm hoping, someday, that I'll figure out how to tell 
Mozilla/Firefox that I don't want new windows unless I explicitly ask for 
them.

Chris -)-----

-- 
"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team -- http://www.samba.org/     -)-----   Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/   -)-----   ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/     -)-----   crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/    -)-----   crh at ubiqx.org

