Subject: Re: Fw: Signing of XSL scripts From: Paul Prescod <papresco@xxxxxxxxxxxxxxxx> Date: Fri, 29 May 1998 10:01:01 -0400 |
John Dreystadt wrote: > > An alternative direction for secure scripting is the model adopted by > the TCL community. They use "SafeTCL" which is a variation on the usual > TCL interpreter. SafeTCL has the dangerous components removed or > restricted. ECMAScript is already safe. If I recall correctly, the core language has no system functions at all. Only extensions could provide access to system resources. > I believe that we should start by examining what web browsers allow > ECMAScript to do, determine what needs to be added for XSL (maybe > nothing) and then determine how to add the new functionality safely. The things to be added have nothing to do with files, hard disks, dialog boxes or other system resources. You would have to work hard to add them in a non-safe manner. Paul Prescod - http://itrc.uwaterloo.ca/~papresco Three things never trust in: That's the vendor's final bill The promises your boss makes, and the customer's good will http://www.geezjan.org/humor/computers/threes.html XSL-List info and archive: http://www.mulberrytech.com/xsl/xsl-list
Current Thread |
---|
|
<- Previous | Index | Next -> |
---|---|---|
RE: Fw: Signing of XSL scripts, John Dreystadt | Thread | RE: Fw: Signing of XSL scripts, John Dreystadt |
Re: Fw: Signing of XSL scripts, Paul Prescod | Date | Re: Fw: Signing of XSL scripts, Paul Prescod |
Month |