SWAT Redesign for Testing
Christopher R. Hertel
crh at ubiqx.mn.org
Tue Apr 19 17:47:41 GMT 2005
On Tue, Apr 19, 2005 at 12:18:05PM -0500, Deryck Hodge wrote:
:
> I realize, though, that sometimes people don't choose to enable
> Javascript. I don't believe security fears are founded on much today --
I just hate the popups. :)
I do see security as an issue, but then I'm still working at an
institution with tens of thousands of Internet-exposed workstations
running all sorts of browsers and operating systems, and my job brings me
in contact with the network security staff on a regular basis. I hear
things...
In general, I see web scripting languages as a security, privacy, and
compatibility issue--it's remote code executing on your local machine and
it's a foreign entity making decisions and controlling (a portion of) your
desktop...but that's only part of my thinking. There are also the
accessibility concerns which, I believe, may be even more significant in
this case.
> all current browsers (back to at least '98-99) run Javascript in a
> sandbox and only make certain browser elements available to scripts via
> the DOM, Javascript has no file I/O capabilities, etc -- however, I
The sandboxes have been cleaned up but, like anything else that faces the
Internet, there are possibilities for buffer overruns, etc.
> respect people's right to use a browser as they see fit. So I make sure
> that all necessary functionality still works if Javascript is not enabled.
That last is the key. Thanks for that.
> So, while I don't worry about the security of Javascript, I respect a
> user's right to use a browser as they see fit. I wouldn't use an
> onclick to submit such an important request because without Javascript,
> the user would have no way to select the additional parameters. I do
> think that something along the lines of
>
> | Current view is <B>basic</B>. Switch to [Advanced]
> |
>
> is acceptable, whether [Advanced] is a button or a link or whatever.
Works for me.
> I don't, however, have a problem with the Javascript-enabled version of
> SWAT having more advanced functionality. For example, the help menu is
> much more attractive and functional in a Javascript-enabled browser. My
> assumption is that if you're regularly turning off Javascript, you're
> used to limited/different functionality.
That, to me, is an acceptable trade-off. I personally wish Javascript and
ActiveX had never happened but, if they've got any valid place at all, it
would be for gussying up an otherwise working web page.
> At least, this is the logic I'm following, which seems reasonable to me.
I can cope. :)
I think it's a workable approach and acceptable compromise.
> | PS. Deryck: would you be willing to remove the target="opennew" tags
> | from the links on your Screenshot Tour page? Thanks...
> |
> PSS. Sure. :-)
Thanks. I'm hoping, someday, that I'll figure out how to tell
Mozilla/Firefox that I don't want new windows unless I explicitly ask for
them.
Chris -)-----
--
"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team -- http://www.samba.org/ -)----- Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/ -)----- ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/ -)----- crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/ -)----- crh at ubiqx.org