On Sun, Aug 7, 2011 at 10:40 PM, Uwe Baumbach U.Baumbach@web.de wrote:
Concerning your security headache I think it is more comprehensible for JavaScript (sandboxes) then for Java, and MediaWiki is "swimming" in JavaScript. But ultimate decision makes the user.
I'm not sure what you think "my" security headache is -- I'm talking about browser and OS makers disabling the Java plugin or failing to install Java in the first place. One of the reasons sometimes given is that the single-vendor Sun/Oracle JRE has a history of security vulnerabilities that are not present in browsers otherwise. (Similar concerns exist for Adobe Flash, another single-vendor plugin with a history of security vulnerabilities that are not present in browsers otherwise.) Most of the major browsers have their own JavaScript implementations, which is a healthier ecosystem to begin with, and more importantly allows each OS or browser vendor to actually ship fixes. ;)
-- brion