Claude said:
I'm aware that J-script is different than Javascript; the former requiring
server-side execution.
That is incorrect.
JScript is a language developed by Microsoft. It implements the
ECMAScript standard and is mostly compatible with Netscape Corp.'s
JavaScript language.
JScript is the language used to execute web-page scripts in IE with
types both text/javascript and text/jscript.
It is also available as one of the languages one can write ASP pages
in (although the newest versions of ASP uses JScript.net)
Obviosuly, the environment will be different whether the JScript
script is being run as part of a web page in a browser, as part
of an ASP page on the server or as a stand-alone script using
the windows scripting host.
Microsoft has an overview of the versions of JScript:
<URL:
http://msdn2.microsoft.com/2z6exc9e.aspx>
It shows which versions comes with which other product, be it
a browser, a web server, or an operating system.
What I don't understand from reading the last few posts is the
concept of Javascript being a server-side app. When I debug or
"prove" my JS functions, I can do it on my local machine, no web
server req'd. But when I'm debugging PHP, I have to upload it to my
web server because that's where the PHP "interpreter" resides.
Whereas the JS "interpreter" is totally client-side. Therefore,my
understanding is that the interpretation and execution of JS is
totally client-side.
It can be server-side if you want it (and have IIS available).
However, the script you write for the server-side environment should
not be the same as you write for a web-client.
What I assumed about JS "parsing" out and rejecting user input that
contained "www" or "http" is that the form could not be "submitted" without
invoking the "onsubmit" function which would perform this action of
filtering.
Normally, no, but it takes nothing fancier than having Javascript
turned off in the browser to bypass the onsubmit function.
Client-side scripting cannot be used to ensure security, since the
client controls the script. A malicious client can omit or modify
the script in any way it wants to.
/L