There seems to be two approaches to letting browsers invoke
scripts locally:
a) Only allow execution of trusted scripts
b) Provide a safe environment for execution
of non-trusted scripts
You can provide trusted scripts in a number of ways:
i) A set of trusted programs in a local
read-only directory
ii) Scripts signed securely by trusted parties
The latter will have to wait until Secure HTTP takes off.
I am proposing a standard API for non-trusted scripts for
HTML fill-out forms. This will probably appear in HTML 3.1.
-- Best wishes,Dave Raggett
----------------------------------------------------------------------------- Hewlett Packard Laboratories email: dsr@hplb.hpl.hp.com Filton Road tel: +44 272 228046 Stoke Gifford fax: +44 272 228003 Bristol BS12 6QZ United Kingdom