> Also note that, if I specify my goal as viewing a PDF document, I am explicitly telling the computer I that running a script is not something I want to be doing.
LOL, no, you don't.
At least in general, for interacting with rich documents.
Imagine for a moment disabling JavaScript in your browser and browsing HN. Or any other important website. Now go ahead and actually try that -- you'll find that you've vastly underestimated the impact on usability. That you've missed a lot of functionality that is seamless, unobtrusive -- and you only notice its importance once its gone.
Thank you, I rest my case [0] [1].
> (...) you'd specify its permissions ahead of time, in the form of a natural-language phrase that is fuzzily-keyed in a HTM memory-base (...)
It strikes me as something very open to attacking special cases. Like weak encryption -- works most of the time, but breakable by somebody with incentives. But that's just a hitch, no hard facts.
The UX reeks of the UAC -- I can't see any bottom-line minding company repeating that mistake.
----
[0] yes, I know some people use the `noscript' plugin or similar. Still, the second basic functionality of such plugin is whitelisting websites for enabling JS on 'em.
[1] In any case, a bug in interpreter of any no-scripted (`plain data') document can give way to memory corruption and code injection. Happened way too many times with browsers, movie players etc. Exploit hidden in PNG? Heck, why not?
LOL, no, you don't.
At least in general, for interacting with rich documents.
Imagine for a moment disabling JavaScript in your browser and browsing HN. Or any other important website. Now go ahead and actually try that -- you'll find that you've vastly underestimated the impact on usability. That you've missed a lot of functionality that is seamless, unobtrusive -- and you only notice its importance once its gone.
Thank you, I rest my case [0] [1].
> (...) you'd specify its permissions ahead of time, in the form of a natural-language phrase that is fuzzily-keyed in a HTM memory-base (...)
It strikes me as something very open to attacking special cases. Like weak encryption -- works most of the time, but breakable by somebody with incentives. But that's just a hitch, no hard facts.
The UX reeks of the UAC -- I can't see any bottom-line minding company repeating that mistake.
----
[0] yes, I know some people use the `noscript' plugin or similar. Still, the second basic functionality of such plugin is whitelisting websites for enabling JS on 'em.
[1] In any case, a bug in interpreter of any no-scripted (`plain data') document can give way to memory corruption and code injection. Happened way too many times with browsers, movie players etc. Exploit hidden in PNG? Heck, why not?