<OT> VBscript in html: Security threat?

[Kurt Wall]

Quoth Joel Hammer:
> I see that vbscript can be embedded in html.
> 
> Javascript was written to make it very hard to attack the client computer,
> whereas vbscript doesn't have these safeguards built in, does it? VBscript
> can do a lot of stuff, like write to your hard drive and run windows
> software.  It really is a beaut.

For writers of virii, indeed it is.

> It would seem like child's play to encode malicious things in vbscript
> and let the IE users get whacked.  If IE somehow was protected against
> running this program, it would be easy to make a vbscript a payload
> (cool screen saver!) and then have the unlucky user click on it and run it.

Ayup.

> What am I missing?

Not a thing.

> Who in his right mind would use vbscript over javascript in their html,
> anyway? Why would you keep out anyone not using IE and a modern version
> of windows? (Let me guess. People who use MS development products.)

I don't know. But, because I prefer choice and standards-compliance,
I probably will never understand.

Kurt
-- 
Cloning is the sincerest form of flattery.