Re: Local program exection in WWW browsersvinay@eit.COM (Vinay Kumar)
Date: Wed, 13 Apr 1994 19:28:49 --100
From: vinay@eit.COM (Vinay Kumar)
To: Multiple recipients of list <firstname.lastname@example.org>
Subject: Re: Local program exection in WWW browsers
X-Listprocessor-Version: 6.0c -- ListProcessor by Anastasios Kotsikonas
>From email@example.com Wed Apr 13 08:30:56 1994
From: Dave Raggett <firstname.lastname@example.org>
> These languages are indeed candidates, but my primary concern right now
> is what functionality is needed, and how to ensure that hostile or buggy
> scripts can't harm the client system in any way.
>From my limited knoweledge on Telescript, one of the things their "security"
is based on, is Authorization. Only the scipts that are authorized at the
client side are permitted to execute, nothing else. I did something similar
to take care of the "security risk" involved in handling application/x-csh
by browsers. Wrote my own quick-and-dirty parser that does a fork and
exec on the scripts sent by servers based on client-side user-authorization.
More info available at:
This approach requires users to be security aware, and be able to distinguish
between buggy and useful scripts however...
> This has meant focussing
> on the API between the client and script interpreter rather than an early
> selection of language. Both Telescript and Safe-Tcl were designed with
> different environments in mind, and we need to be creative about our needs
> for fill-out forms and later on perhaps, for coordinating different media.
> I also feel that the Web deserves a scripting language that makes it
> especially easy for novices to get started. Does Telescript or Safe-Tcl
> really match up to this?
> Best wishes,
> Dave Raggett