[Aaargh20318]

I'm not sure why you're trying to say ? Two wrongs make a right ?

For the record: I think that JS is a horrible idea too. What happened to the old rule of thumb that once you let someone else run their own code on your machine you should consider it compromised ?

[VMG]

> What happened to the old rule of thumb

People realized it's a stupid and impractical rule and ignored it.

[phkahler]

>> People realized it's a stupid and impractical rule and ignored it.

If by "people" you mean developers, and by "stupid and impractical" you mean inconvenient.

[joshuamorton]

Given that your rule of thumb is one that only developers would know or care about, yes...exactly.

Developers realized that their rule was stupid and impractical (not just inconvenient, but actively impractical: async interaction is faster and requires js), and so ignored it.

[danellis]

People stopped following that rule sometime around the time the computer was invented.

[Dylan16807]

Depending on your requirements, it can be really easy to sandbox code. I could write a simple virtual machine in an hour or two that's more secure than your typical jpeg decoder. So it's really worth looking at exactly what kind of sandboxing and complexity is involved.