|
|
|
|
|
|
by andreasvc
4325 days ago
|
|
|
The number of sites that use Javascript is many orders of magnitude greater than those that use Java applets. This means that much more attention is going to keeping the Javascript runtime safe. If the same attention would go into making, say, a Python runtime for browsers, it would be just as safe (and removing the file writing and system call abilities would be the trivial part). Note that in HTML5, Javascript can read files (see e.g. http://www.html5rocks.com/en/tutorials/file/dndfiles/ ), so the point is not to exclude such functions from the language, but to adequately control when they can be used. Critical security flaws can come from any C code, be it a Javascript runtime, a PNG library or a PDF viewer. There is nothing inherent in those things to make them unsafe (as opposed to say, running arbitrary executables), except maybe that they are written in C. |
|
|