Re: Security risk to eval?
In comp.lang.javascript message <4b0cdfa2$0$3885$9b536df3@news.fv.fi>,
Wed, 25 Nov 2009 09:41:27, optimistx <optimistx@hotmail.com> posted:
>
>Would this be a security risk for the server? Or for the client so that
>the client could blame the programmer?

We do not know who you are, and we do not know who else will read this
thread.

Therefore, while we might reasonably answer "Yes" or "No", we cannot
safely justify an answer of "Yes" by explanation of details, since we
might therefore make ourselves inadvertent accessories before the act.

I do know of a fault in one current/recent browser which gives the
appearance of an untrapped exceeding of range of a form which might
allow the execution of random or arbitrary code; so my answer is
"Perhaps yes". Unfortunately the browser does not seem to offer a
secure-seeming fault reporting system.

--
(c) John Stockton, Surrey, UK. ?@merlyn.demon.co.uk Turnpike v6.05 MIME.
Web <URL:http://www.merlyn.demon.co.uk/> - FAQish topics, acronyms, & links.
Proper <= 4-line sig. separator as above, a line exactly "-- " (SonOfRFC1036)
Do not Mail News to me. Before a reply, quote with ">" or "> " (SonOfRFC1036)