[whatwg] Why not JavaScript?
Matthew Raymond
spacedog at planetquake.com
Thu Jun 10 04:26:46 PDT 2004
Ian Hickson wrote:
> I really don't think you can do a native application feel over the Web.
> If you drop the Web browser "prison", it is too easy to spoof UIs and
> trick users into entering private data into untrusted apps (even if you
> have technically sandboxed the applications).
I'm not convinced you can actually avoid this. I've already seen IE
popups that can only be distinguished from system messages and other
common Windows dialogs by the border. I've also seen web pages that look
almost identical to other web pages. If we really want to prevent people
from tricking us into launching malicious code, perhaps we should focus
on the security model rather than restrict the UI.
More information about the whatwg
mailing list