[whatwg] Why not JavaScript?

Matthew Raymond spacedog at planetquake.com
Thu Jun 10 04:26:46 PDT 2004


Ian Hickson wrote:
> I really don't think you can do a native application feel over the Web.
> If you drop the Web browser "prison", it is too easy to spoof UIs and
> trick users into entering private data into untrusted apps (even if you
> have technically sandboxed the applications).

    I'm not convinced you can actually avoid this. I've already seen IE 
popups that can only be distinguished from system messages and other 
common Windows dialogs by the border. I've also seen web pages that look 
almost identical to other web pages. If we really want to prevent people 
from tricking us into launching malicious code, perhaps we should focus 
on the security model rather than restrict the UI.



More information about the whatwg mailing list