It was just brought to my attention that Mozilla is beginning work on a new version of JavaScript (aka ECMAScript). Microsoft, however, would rather web technologies move forward their way, with an entirely new language. As a web developer, I have to side with Mozilla on this one.
We currently have a glut of web programming and scripting languages: from server side languages like PHP and ASP, to client side languages like JavaScript and Flash. Adding more ways to do things to your users' computers, without fixing the issues currently present is not the right way to go. The original ECMAScript was designed by Netscape to be simple and allow an improved user experience on a given page. This originally was mostly sandboxed to only affect the current page or guide users to new pages. With the addition of the DOM and XMLHTTPRequest this has greatly increased the scope of what a page can do, even to the point of allowing some malicious scripts to turn your browser into a zombie bot like regular malware would do to your computer.
Every new web technology has added its own issues and vulnerabilities. From PDF cross site scripting holes, to Quicktime and Flash user input vulnerabilities. Creating an entirely new language will just create more surface area for browser vendors to need to protect (or more likely not protect). However, in upgrading a current technology, Mozilla is only adding a little more surface area (only the new features) and possibly closing up old holes through bug fixes. After glancing over the white paper, many of the new features in JavaScript may lead to better, easier to manage code, with fewer user space bugs.
Microsoft's main argument is that by upgrading the language, rather than creating a new one, old scripts could break and backwards compatibility will be lost. While this could be true, one of the main goals of the ES4 Working Group is to maintain backwards compatibility. This means that, barring a few edge cases, and if all goes as planned, the barrier to entry for ES4 will be minimal, potentially only requiring a browser update (only for previously unsupported features) and, if the developer feels the need for it, training on the new features. However, uptake of a new language will be slow, both on the consumer end where users will have to upgrade their browser or download new plug-ins (anyone want another active-x situation?) and on the developer end where they will need to learn a new language, potentially buy new development tools, and still need to support the users who don't have this new software.
There is also the question of how open Microsoft wants to make it's new language. If history is any indicator, they may try to use it as a wedge to push people back to their browser. Mozilla, however, is an open source company; ECMAScript is an open standard.
No comments:
Post a Comment