[1529] in WWW Security List Archive
Re: JavaScript to grab email (fwd)
daemon@ATHENA.MIT.EDU (Brian Clapper)
Fri Feb 23 13:01:43 1996
Date: Fri, 23 Feb 1996 09:47:53 -0500
From: Brian Clapper <bmc@telebase.com>
To: "Robert S. Muhlestein" <robertm@teleport.com>
Cc: George Spafford <gspaff@execpc.com>, "Daniel L. Smith" <dls@JavaJoint.com>,
www-security@ns2.rutgers.edu
In-Reply-To: <63858962@toto.iv>
Errors-To: owner-www-security@ns2.rutgers.edu
>>>>> "Robert" == Robert S Muhlestein <robertm@teleport.com> writes:
Robert> Have you done this? Has anyone else? "Hooked on Java" and all the
Robert> other info I get from Sun and others suggests local drive read and
Robert> write access is only available to "trusted" applets (presumably a
Robert> future Netscape pref setting). Do you have any proof to support
Robert> your claim (besides the recent posting about connecting to any
Robert> host, which, I agree, is very scary).
JavaScript != Java. They're two different things. In Netscape's own
words:
Built-in JavaScript: Netscape Navigator now includes a built-in
scripting language, called JavaScript. JavaScript, based on the
JAVA language, extends and enhances the capabilities of HTML
documents. JavaScript supports most of JAVA's expression syntax and
basic control flow constructs, but without JAVA's strong type
checking and static typing. JavaScript is embedded in HTML
documents with a <SCRIPT> tag, and there is no compilation needed
to run the script.
----
Brian Clapper .............................................. bmc@telebase.com
http://www.netaxs.com/~bmc/ ............. PGP public key available on request
I do not know myself, and God forbid that I should.
-- Johann Wolfgang von Goethe
