funsec mailing list archives
Google, Python, and the future of AJAX applications
From: "Richard M. Smith" <rms () bsf-llc com>
Date: Sun, 12 Mar 2006 12:02:45 -0500
Hi, In late 2005, Guido Van Rossum, creator of the Python scripting language, joined Google. (See "Google Snakes In Python Creator", http://tinyurl.com/l3fq7). This development offers an intriguing possibility that Google will use Python as a competitor to JavaScript in order to create more compelling client-side AJAX Web applications. Google is one of the pioneers in creating so-called AJAX applications with the release of their Google Maps and Gmail services. However, anyone who has tried to build AJAX application knows that JavaScript is a relatively weak foundation to work from. The problem is that all JavaScript implementations lack a full runtime library. AJAX developers end up wasting time and money extending the standard JavaScript library before they can begin writing application code. Some examples of missing features in JavaScript runtime libraries which are typically needed in AJAX applications include: - Output formatting functions - A proper dictionary data type - URL parsing functions - Threading support Python, on the other hand, has much richer collection of runtime libraries. In addition, Python has already even been integrated into Internet Explorer using Microsoft's ActiveScripting interface. This support includes full access to Document Object Model (DOM) of Web pages. So what does Google need to do to make Python a competitor to JavaScript as a client-side scripting? Not very much actually. The first order of business is to create a slimmed-down Python install package which only includes the Python interpreter and runtime libraries appropriate for a Web browser scripting language. The typical Web user has no need for Python documentation and sample code. My estimate is that a Python runtime install package can be kept under 5 megabytes in size which would make it practical for most Web users to download and install. The second piece of work for Google is to do a complete security review of a Python runtime system to make sure all dangerous runtime functions such as file I/O and the program execution functions are turned off. Unfortunately, Python has had some problems with security in the past when used in Internet Explorer. (See http://tinyurl.com/mfoxb) So will 2006 be remembered as the year that AJAX applications morph into APAX applications? Only time will tell. Richard M. Smith Boston Software Forensics http://www.bsf-llc.com _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Google, Python, and the future of AJAX applications Richard M. Smith (Mar 12)
- Re: Google, Python, and the future of AJAX applications Florian Weimer (Mar 12)
- Re: Google, Python, and the future of AJAX applications Paul Vixie (Mar 12)
- RE: Google, Python, and the future of AJAX applications Richard M. Smith (Mar 12)
- RE: Google, Python, and the future of AJAX applications Larry Seltzer (Mar 12)
- Re: Google, Python, and the future of AJAX applications Drsolly (Mar 13)
- Re: Google, Python, and the future of AJAX applications Paul Vixie (Mar 13)
- RE: Google, Python, and the future of AJAX applications Richard M. Smith (Mar 12)
- Re: Google, Python, and the future of AJAX applications Valdis . Kletnieks (Mar 14)
- RE: Google, Python, and the future of AJAX applications Richard M. Smith (Mar 14)