Linked by Kroc Camen on Sat 20th Dec 2008 17:54 UTC
General Development IBM delves into what's new in PHP 5.3: Part-1 shows you the changes to the object-orientated capabilities, and Part-2 shows you the exciting new possibilities with real closures and lambda functions. ["Read more" for Kroc's personal commentary]
E-mail Print r 4   · Read More · 41 Comment(s)
Thread beginning with comment 341087
To view parent comment, click here.
To read all comments associated with this story, please click here.
Kroc
Member since:
2005-11-10

Any code from any third party (known or otherwise) has every right as code from the same domain.

There is zero security granularity in Javascript. Or haven’t you noticed the constant XSS attacks out there?

Reply Parent Score: 1

Bill Shooter of Bul Member since:
2006-07-14

Is that really Javascript the language's fault? Or is it the browsers fault?

There are some things that Javascript gets blamed for that really is due to other things like the verbosity of the DOM. I'm not really sure if the cross domain issue is really javascripts fault or the browsers. What other web client language is there that does have security granularity to prevent XSS?

I think there should be a code signing mechanism, similar to the ones in place for mobile platforms.

Reply Parent Score: 1

sbergman27 Member since:
2005-07-24

Is that really Javascript the language's fault? Or is it the browsers fault?

If I am understanding his claim correctly (which is worded a bit ambiguously), it is false as Javascript is actually implemented in the real world. Browsers implement restrictions upon Javascript code based upon the domain that it came from. For example, a script from one domain can only close browser windows that it opened itself. And a script cannot read the contents of documents loaded from different servers than the document that contains the script, or register event listeners on documents from different servers. See "Same Origin Policy":

http://en.wikipedia.org/wiki/Same_origin_policy

I don't particularly love Javascript, and personally think that my language of choice would've been better. ;-) But... for all its faults, it's not quite as bad as Kroc claims.

Edited 2008-12-22 20:31 UTC

Reply Parent Score: 2