[
Lists Home |
Date Index |
Thread Index
]
Bill Kearney wrote:
> Robert Koberg wrote:
>
>> The problem is not with 'inherent insecurities of script languages
>> inside content', it is with whoever maintains the server system. In
>> other words, I think you are looking at the wrong culprit.
>
>
>
> Indeed. But new technologies, or new uses of existing tech, often
> present unforseeable risks. We've always stressed that RSS isn't the
> place for 'active content' that would require scripting. Precisely
> because of past experience with abusing embedded content (ask me about
> beaming newton notes sometime!)
>
> Not because it's not a cool idea but because the extant tools don't do a
> very good job of warding off the inevitable foolishness it'd bring. It
> was more a stop-gap against the advertising nitwits wanting to graft
> pop-up ads than anything else. No sense in having the emerging concept
> wrecked by allowing that rabble to bring along the same mess they've
> made of browsers.
Are we talking about client or server side scripting? I was thinking
about server-side...
best,
-Rob
|