Securing User Content In The Javascriptable Web

My latest blog post appeared on O’Reilly Media’s programming blog.

Recent work by a W3 Working Group plans to expose many powerful cryptographic operations for web applications. Although the planned API adds much needed functionality to JavaScript, it doesn’t address the JavaScript runtime’s terrible security properties …

more ...