The famous speaker who no one had heard of said: > Another thing that contributes to the proliferation of this malware is > the use of active content in web pages and e-mails. Hence HTML mail > is evil! Another big reason to hate javascript. Those scripts can be > used to launch local code on your machine to do God knows what and we > can't look at a lot of it because it is secret proprietary code. > Correction: the HTML stuff can often be looked at locally offline but > I think that flash stuff is protected. Stick to text-only web and > e-mail and those outlets will never spy on you. Agreed. I have a very strong belief that all web page scripts should be executed server-side with things such as php and perl scripts in shtml files. There is, in my opinion, absolutely *no need* to force a user's browser to execute a script to do something that can be executed server-side. Also, server-side script execution produces standard html output, so if there is a virus or spyware in a server-side script, it will simply backfire on the person who is using it, not the person who is trying to view the web page. Also, server-side scripts can be viewed by the person who needs to see them, E.G. the server administrator, who can verify that the script is clean long before it ever even gets on the server. And as far as I know, there is *nothing* that can be executed by a browser that can't be executed on the server just as easily, if not more easily. Just my $0.02. Put it in the bank and enoy. ;) PRINCE
