JavaScript considered harmful (was Re: New online index to Be azley's tutorials)

Michael Ströder michael at stroeder.com
Wed Jan 9 13:12:00 CET 2002


"John W. Baxter" wrote:
> 
> In article <mailman.1010531652.8777.python-list at python.org>, Delaney,
> Timothy <tdelaney at avaya.com> wrote:
> 
> > My solution? Send all the data as a single Javascript string (fields
> > tab-delimited, records cr-delimited). Then a client-side JS function parsed
> > the string and produced the required HTML.
> 
> Bell Atlantic demonstrated how this approach can go horribly wrong.
> They included password verification in the JavaScript, and the JS
> included the data which the password was intended to protect.

Tss, tss. I also found web apps where username and password of
mainframe backend systems were transmitted in Javascript code to the
browser. It's a wild world out there... ;-)

Ciao, Michael.



More information about the Python-list mailing list