[sword-devel] SwordWeb and Javascript/AJAX

David Haslam d.haslam at ukonline.co.uk
Mon Feb 23 08:22:29 MST 2009

Having scripting permanently switched on is considered by some
security-conscious users as a security risk for drive-by malware infections.
This has been discussed in some depth in various episodes of the weekly
Security Now! podcasts hosted at grc.com (http://grc.com/).

One solution that has been recommended from time to time is a Firefox add-on
called NoScript (http://noscript.net/).

Having said that, it is true that many online banking and commerce sites use
Javascript, but these would normally be using https to ensure the
transactions are secure.

Many webmail or groupware clients such as the Horde project
(http://www.horde.org/) also make use of Javascript.

The main point to address if we move to using scripting is to ensure that
the programming does not become vulnerable to XSS exploits
(http://en.wikipedia.org/wiki/Cross-site_scripting).

-- David

Peter von Kaehne wrote:
> Just to get some feedback here:
> Currently Swordweb largely does not rely on Javascript - and the few
> places where it does use Javascript, can be turned off + functionality
> is then done on the server.
> We are thinking of hugely expanding the use of javascript but that would
> probably require to dump the ability to turn JS off unless we want to
> duplicate lots and lots of code.
> A few years back it seems this would have been a huge issue, but now I
> find that every other site is using AJAX to their heart's content without
> people complaining about it anymore.
> We will package the existing site as a release after fixing the last
> few bugs of which we are aware, so that those who want/need a swordweb
> without AJAX can get it.
> So, my question is - would you feel this is a bad move?
> Peter
