From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from resqmta-ch2-08v.sys.comcast.net (resqmta-ch2-08v.sys.comcast.net [IPv6:2001:558:fe21:29:69:252:207:40]) by hurricane.the-brannons.com (Postfix) with ESMTPS id 13DAF78953 for ; Sat, 7 Nov 2015 08:33:10 -0800 (PST) Received: from resomta-ch2-11v.sys.comcast.net ([69.252.207.107]) by resqmta-ch2-08v.sys.comcast.net with comcast id egZb1r0022Ka2Q501gZfFR; Sat, 07 Nov 2015 16:33:39 +0000 Received: from eklhad ([IPv6:2601:405:4080:53:21e:4fff:fec2:a0f1]) by resomta-ch2-11v.sys.comcast.net with comcast id egZf1r0031DsNmD01gZfR4; Sat, 07 Nov 2015 16:33:39 +0000 To: Edbrowse-dev@lists.the-brannons.com From: Karl Dahlke Reply-to: Karl Dahlke References: <20151006145114.eklhad@comcast.net> <20151107161332.GB24590@toaster.adamthompson.me.uk> User-Agent: edbrowse/3.5.4.2+ Date: Sat, 07 Nov 2015 11:33:39 -0500 Message-ID: <20151007113339.eklhad@comcast.net> Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.net; s=q20140121; t=1446914019; bh=W1PcRIIJ5ykTtd1wcVB9XG95YvGCJWBzefdSKhZazd0=; h=Received:Received:To:From:Reply-to:Subject:Date:Message-ID: Mime-Version:Content-Type; b=uQD8tQLwenFX8L3ukEXQMky1TKpSfaupKQLhibdNK6h6HOUaQgelVELrdcGZD7/s2 +a1zC+brtGAQ/HfRARMpoBWkowl0dtEwd4JfArkUw8b6ctWrnAGVV1QijATZGgjxmL qNfqKbqST11RJDBTX44bXrnRyzKXMNQa2N3p6kMIN6Falsr0VH/xAaWBEVf9GcWhDj Gqc+ERaOinnpSAn2leDH3LCXOfD2r9wXFlZvDTN2P0jpW1xzFn4KzaxRuAhBZ1GANn UfQgG0p3LdxaX6QDDK38OaH63Eet/cGiKCum45d3QPkWjguhnQZZZ4yUDbwvOljSRc oyQTamKlVyNqQ== Subject: [Edbrowse-dev] a JS centric design X-BeenThere: edbrowse-dev@lists.the-brannons.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Edbrowse Development List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 07 Nov 2015 16:33:10 -0000 Adam, thanks for your thoughts and concerns. I posted because I realy do want to know. Would like to hear from others as well. At the surface I don't see anything a web page could do in my js centered model, e.g. sticking variables in window.eb$, that it couldn't already do straight away by fiddling with document.cookie or document.location or document.forms[0].action or any of those things, so it seems all the same to me, but as you say, correctly, we really have to give this a lot of thought before taking even a small step in that direction. Have to be convinced it won't open up any new loopholes. I know what you mean about browser being the main point of entry for hackers, though now it might be phishing emails. Ten years ago my wife's Explorer was hijacked, and she was looking at my web site which I wrote, and seeing all sorts of hyperlinks that weren't there, links that I didn't put in, links her hijacked browser was creating out of thin air, to direct her to other websites. Twas one of my biggest WTF moments. It made me sick and she's never been on windows since, which solves most of the problem but yes I know what you mean. Karl Dahlke