Right, it's "just" bindings, but right now browsers don't run Python code. :) I'm fine with this all on principle, but I don't want to see JS crossing from the browser to the desktop without a specific security design. Since there isn't one yet, I'll just make an easy one up: "JavaScript must never be passed from the Browser to the Desktop". We can adjust this when there is something that needs to cross that boundary.
Right, it's "just" bindings, but right now browsers don't run Python code. :) I'm fine with this all on principle, but I don't want to see JS crossing from the browser to the desktop without a specific security design. Since there isn't one yet, I'll just make an easy one up: "JavaScript must never be passed from the Browser to the Desktop". We can adjust this when there is something that needs to cross that boundary.
+1