funsec mailing list archives

Google, Python, and the future of AJAX applications


From: "Richard M. Smith" <rms () bsf-llc com>
Date: Sun, 12 Mar 2006 12:02:45 -0500

Hi,

In late 2005, Guido van Rossum, creator of the Python scripting language,
joined Google.  (See "Google Snakes In Python Creator",
http://tinyurl.com/l3fq7).  This development offers an intriguing
possibility that Google will use Python as a competitor to JavaScript in
order to create more compelling client-side AJAX Web applications.  Google
is one of the pioneers in creating so-called AJAX applications with the
release of their Google Maps and Gmail services.  

However, anyone who has tried to build an AJAX application knows that
JavaScript is a relatively weak foundation to work from.  The problem is
that all JavaScript implementations lack a full runtime library.  AJAX
developers end up wasting time and money extending the standard JavaScript
library before they can begin writing application code.

Some examples of missing features in JavaScript runtime libraries which are
typically needed in AJAX applications include:

   - Output formatting functions
   - A proper dictionary data type
   - URL parsing functions
   - Threading support

Python, on the other hand, has a much richer collection of runtime libraries.
In addition, Python has already even been integrated into Internet Explorer
using Microsoft's ActiveScripting interface.  This support includes full
access to the Document Object Model (DOM) of Web pages.

So what does Google need to do to make Python a competitor to JavaScript as
a client-side scripting language?  Not very much, actually.  The first order of
business is to create a slimmed-down Python install package which only
includes the Python interpreter and runtime libraries appropriate for a Web
browser scripting language.  The typical Web user has no need for Python
documentation and sample code.  My estimate is that a Python runtime install
package can be kept under 5 megabytes in size which would make it practical
for most Web users to download and install.  

The second piece of work for Google is to do a complete security review of a
Python runtime system to make sure all dangerous runtime functions such as
file I/O and the program execution functions are turned off.  Unfortunately,
Python has had some problems with security in the past when used in Internet
Explorer.  (See http://tinyurl.com/mfoxb)

So will 2006 be remembered as the year that AJAX applications morph into
APAX applications?  Only time will tell.

Richard M. Smith
Boston Software Forensics
http://www.bsf-llc.com
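
Added illustration, not part of the original message and not code from Google or the Python project: a static scan of a page script for the file I/O and program execution capabilities that the security review described above would need to turn off. The denylist contents, the function name audit_script and the sample script are assumptions constructed for this example; a name-based scan like this is a review aid, not a sandbox.

```python
import ast

# Assumed review policy (constructed for this example): modules and builtins
# that give a script file I/O or program execution.
DENIED_MODULES = {"os", "subprocess", "shutil", "socket", "ctypes", "io", "pathlib"}
DENIED_BUILTINS = {"open", "exec", "eval", "compile", "__import__"}


def audit_script(source):
    """Return sorted (line, finding) pairs for denied capabilities in source."""
    findings = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            # "import a.b.c" is judged by its top-level package name.
            for alias in node.names:
                root = alias.name.split(".")[0]
                if root in DENIED_MODULES:
                    findings.add((node.lineno, "import " + root))
        elif isinstance(node, ast.ImportFrom):
            # Relative imports have module=None and are not matched here.
            root = (node.module or "").split(".")[0]
            if root in DENIED_MODULES:
                findings.add((node.lineno, "import " + root))
        elif isinstance(node, ast.Name) and node.id in DENIED_BUILTINS:
            # Any reference counts, not only calls: "f = open" is flagged too.
            findings.add((node.lineno, "builtin " + node.id))
    return sorted(findings)


# Constructed sample of a client-side page script. It is only parsed, never run.
SAMPLE = '''\
import urllib.parse
import os
parts = urllib.parse.urlparse("http://example.com/a?b=1")
os.system("dir")
data = open("notes.txt").read()
label = "%05.2f" % 3.14159
'''

if __name__ == "__main__":
    for line, finding in audit_script(SAMPLE):
        print("line %d: %s" % (line, finding))
```

The URL parsing and output formatting lines pass, while the os import and the open() reference are reported with their line numbers.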
     

