Re: [xml-dev] Re: Javascript and plugging holes

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]

From: "Simon St.Laurent" <simonstl@simonstl.com>
To: xml-dev@lists.xml.org
Date: Fri, 10 Dec 2010 12:36:45 -0500

On 12/10/10 10:02 AM, Stephen Green wrote:
>> At the same time, Mobile Device manufacturers are pushing for the opposite.
>> They want JS to do MORE not LESS.
>
> The virus-script-kiddies haven't paid so much attention to smartphones
> yet, I guess.

There are lots of security holes in JavaScript and the Web environment, 
and many of them happen to work on phones too now.

This is a known problem - Douglas Crockford (creator/extractor of JSON) 
spoke about it at XML 2007, and there's some discussion of it in this 
interview too:

<http://answers.oreilly.com/topic/1483-doug-crockford-discusses-javascript-html5-security-issues/>

I'd watch all of it, but security comes up around 2:12 and 4:23 in an 
HTML5 context.

-- 
Simon St.Laurent
http://simonstl.com/

Follow-Ups:
- Re: [xml-dev] Re: Javascript and plugging holes
  - From: Henri Sivonen <hsivonen@iki.fi>
- Re: [xml-dev] Re: Javascript and plugging holes
  - From: Bill Lindsey <bill@blnz.com>

References:
- Javascript and plugging holes was: [xml-dev] Cross-domain loading of XML
  - From: Stephen Green <stephengreenubl@gmail.com>
- Re: Javascript and plugging holes
  - From: Henri Sivonen <hsivonen@iki.fi>
- Re: [xml-dev] Re: Javascript and plugging holes
  - From: Stephen Green <stephengreenubl@gmail.com>
- Re: [xml-dev] Re: Javascript and plugging holes
  - From: Stephen Green <stephengreenubl@gmail.com>
- RE: [xml-dev] Re: Javascript and plugging holes
  - From: "David Lee" <dlee@calldei.com>
- Re: [xml-dev] Re: Javascript and plugging holes
  - From: Stephen Green <stephengreenubl@gmail.com>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]