I think there are a lot of people who want to know *more* about it, ie
HOW did you done it, or is it a secret ;-)?
> Security is the main issue. i.e. there is nothing stopping people
> writing html docs with dangerous commands as their ACTION field.
Yes, agreed, there are a lot of known security holes, BUT NONE if your
are working on *YOUR* local laptop without ANY network-connection, just
wanting LOCAL FORMS (on a CD or whatever...) to be handled by starting
the LOCAL perl-script to handle the *LOCAL* "request"!
> One of our new products has a well known browser(dare I say it... Mosaic)
> built into it as help engine/WWW navigator. We needed this local
> form processing capability. So we have restricted this to only
> allow calls to 'safe' binaries shipped with the products.
HOW?
> However I don't see this as a good solution, it was the best fit
agreed! :-))
> for the timescales we were working to. To tackle the generic solution
> we first of all need to define what the aims of local processing
> are. I think we should be using local processing in a way that
> does not involve filesystem access if we want security. The processing
This makes no sense to me (see above) but I agree under normalviewpoints...:-(
> could be done via a scripting language within the HTML document.
>
> e.g. If the user selects two list items, a third item is set automatically.
>
> The scripting language could allow return of an HTML doc created
> on the fly, or via a URL ref. So you could reference things on your
> CD based system.
> This is an interesting area of discussion, I know the HTML 2/3/x authors
> must be addressing it.
YES, I want to have more opinions, statements ....