JavaScript considered harmful (was Re: New online index to Be azley's tutorials)

Michael Ströder michael at
Wed Jan 9 07:12:00 EST 2002

"John W. Baxter" wrote:
> In article <mailman.1010531652.8777.python-list at>, Delaney,
> Timothy <tdelaney at> wrote:
> > My solution? Send all the data as a single Javascript string (fields
> > tab-delimited, records cr-delimited). Then a client-side JS function parsed
> > the string and produced the required HTML.
> Bell Atlantic demonstrated how this approach can go horribly wrong.
> They included password verification in the JavaScript, and the JS
> included the data which the password was intended to protect.

Tss, tss. I also found web apps where username and password of
mainframe backend systems were transmitted in Javascript code to the
browser. It's a wild world out there... ;-)

Ciao, Michael.

More information about the Python-list mailing list