Sponsored Links
Is JavaScript here to stay?
The challenges facing this leading user-scripting language
- Feedback
- Discuss
Page 3 of 4
For JavaScript to become the worldwide standard Netscape envisions for it, it must prove itself a more stable environment, particularly in the areas of cross-platform and version compatibility. Few developers can afford the time and hardware to test their JavaScript creations under all conceivable platforms. JavaScript will only become an accepted standard when a script developed on one platform runs the same on all other platforms.
JavaScript and security
JavaScript was unfairly branded a cracker's dream-come-true even before Netscape 2.0 was officially released. It all started with an early beta release of 2.0 that allowed for reading the URLs in a window's history list. Though it must have seemed like a good idea at the time, it quickly become apparent that a bad guy could exploit the security hole and obtain visited URLs, some of which might contain sensitive data, such as passwords. Netscape responded by removing JavaScript access to the URL list.Even after Netscape 2.0 shipped security problems continued to be exposed. Version 2.0 allowed for the "silent" submission of a hidden mail form; Web page authors could use this innocent-looking feature to collect e-mail addresses of anyone who visited. This feature was removed in Netscape 2.01.
To Netscape's credit, security is one area of JavaScript development that is receiving much-needed attention. True, in Netscape 2.0x, security flaws in JavaScript were addressed simply by removing functionality from the language. This is not the ideal approach, because it also breaks "innocent" scripts.
From the beginning, Netscape has said the removal of features was merely a stop-gap measure, and it would someday replace its method of "security-through-crippling" with a bona fide data tainting model. With such a model, JavaScript could regain its lost functionality, and still provide a means to validate data to ensure it is not being exploited in a security breach. The data tainting model was still being developed as this column was written, but should be fully implemented in time for the final release of Netscape 3.0.
Advances such as the new data-tainting model is precisely what JavaScript needs to keep its toe-hold as the leading user-scripting language for Web pages. Yet developing data-tainting for JavaScript is probably Netscape's easiest task. It now has to convince a skeptical public and developer base that JavaScript can be trusted, given the previous negative publicity of security holes in version 2.0x.
What about Bill?
No discussion of JavaScript's future is complete without mentioning Microsoft. Is Microsoft a force to be reckoned? It's true that Microsoft has made plenty of blunders in its past, like Bob and MSN. And the mere fact that Microsoft has had successes in the areas of operating systems and desktop applications does not equate to automatic success in the Internet. But it's hard to disregard the tens of millions of dollars that Microsoft is spending to compete for Internet mind share and browser share.Microsoft's Internet Explorer 3.0 is a good example of what a little bit of vision and plenty of money can bring. Even among die-hard Netscape Navigator fans, Internet Explorer looks mighty fine. By the time it ships, IE should support Java, ActiveX components, it's own user-scripting language (called VB Script), and even JavaScript.
- Feedback
About Us | Advertise | Contact Us | Terms of Service/Privacy
Copyright, 2006-2008 Network World, Inc. All rights reserved.