Given all the security problems associated with ActiveX/javascript/etc., I have to wonder about a couple of things (insert disclaimer here). First, isn't there a fiduciary responsibility to disable these technologies? That is, if you are a trustee and responsible for information technology and you choose not to mitigate or eliminate these technologies can't you be held personally responsible for any financial losses the company suffers as a result of your action/inaction? I'm no lawyer but I have to wonder.
Secondly, whether there is a responsibility or not, why would you want to use javascript when there are alternatives that work in all browsers but don't open security holes? For example, I got an invitation from Dell recently asking me to participate in a survey to help them redesign their support web site. OK, I'm willing to spend a few minutes to help improve their support site since I use it once in awhile.
So I fill out the online survey and hit the submit button. But nothing happens. I click on the button several times before I notice the submit button was written using javascript code. Hmmm. Since javascript is a common way to inject viruses/Trojan horses/etc. on to your computer, I've long since disabled it. In fact, most of what Microsoft considers to be features turn out to be security holes so I don't use their outdated browser anymore (see this article from Brian Livingston here on why). As an aside, I decided to complain to Dell about the use of javascript but their comments page also uses a javascript submit button. Sigh.
But even if I didn't use a different browser, why use javascript to submit a form when you could use post or get? Neither post nor get opens the user to any security threats (AFAIK). Nada. None. Zip. What advantage to the user is there to using javascript submit button? Again, nada, none, zip.
So why use it when that is the only javascript on the page? All you are doing is keeping all users who are security conscious from using your site. Is this a good thing? Is there a competitive advantage to barring people from using your site? If so, what advantage is that? Wouldn't a site written to the widest standards have an advantage over those written specifically to Microsoft's standards?
Aloha!
