There was a time, not too long ago, when I used to adore JavaScript. I would use it superfluously in web application development, from the fun transitional effects of Rico and jQuery, to the powerful and seamless abilities of XMLHTTPRequest. But then, people discovered that JavaScript could be used for evil. Router ports could be opened and closed, firewalls disabled; network security was essentially compromised.
Because of this, more and more people are disabling javascript in their browsers, which means that they can't use many of the rich features that web apps offer, even in some cases rendering the sites completely useless (which really shouldn't happen, because we should be designing with accessibility in mind, right developers?). That number has now grown to over 10% of all internet users, according to the W3C, which is a real shame because most people use JavaScript in their sites to enhance the user experience, but if your users' browsers don't meet your site's requirements to view it properly, then they can't really get the most out of your site.
When did JavaScript become so malicious? Can't we go back to a time when none of this extra blather was added and just have a simple client-side programming language? Is that really too much to ask for?
Technorati Tags: javascript, exploits, security, web+development
1 comment:
Being that the exploit was designed using very basic scriptable elements of the browser (img/iframe), it's not that anything has changed or that Javascript is the culprit (could as well be vbscript or any other language embedded in the browser), so there's no real way to roll back the functionality that allows it. People will just have to learn to manage their trusted sites list.
Post a Comment