In terms of
script access to the network, you're stuck at the mercy of reading system support for the foreseeable future.
Not exact matches
Network access for
scripts blows a hole through the heart of this restriction, since with XmlHttpRequest you can grab most anything you want and inject it into a document (using CORS
to get around the same origin policy, of course).
Having
to worry about
network access and what
scripts might be doing complicates validation and distribution of content for everyone, whether legitimate content distributors or not.
Longer term, one idea I've heard floated is
to require
network access only in container - constrained contexts, or, in English, when a
script is embedded within an iframe.
I've happened on a paper published last year by Graham Greenleaf, Philip Chung and Andrew Mowbray, Co-Directors of AustLII & WorldLII, «Emerging Global
Networks for Free
Access to Law: WorldLII's Strategies 2002 - 2005» on
SCRIPT - ed — A Journal of Law, Technology & Society.
Prepare standard login
scripts and establishes
network access protocols
to enable customers
to gain local or remote
access.