--- In email@example.com
, Norman Hardy <norm@...> wrote:
> I quote from the MashupOS paper from Microsoft that Doug referred us to:
> There is either no trust across principals through complete isolation
> or full trust through incorporating third party code as libraries.
> Where can I learn about these libraries--who can add to them and who
> can call them?
> Is there an implication that the 'third party' is mutually trusted?
There are lots of Ajax libraries out their. You can find some pointers
to them at Ajaxian.com. The web developer selects scripts from the
library and includes then using HTML script tags. These scripts have
access to everything. The scripts generally do not have secrets of
Most libraries get copied to your server. Some libraries, such as Dojo
and YUI, can be loaded from 3rd party servers.
A recent fad on sites with user-generated pages (like MySpace) is
provide access to logging, galleries, and video. And the badges have
access to everything.