JS is 22 years old today.

I joined Netscape on 4 April 1995, lured by jg&mtoy to "do scheme in the browser". Upon joining I found (1) headcount wars in pre-IPO NSCP left the client group unable to hire me as planned, so I joined the server team; (2) Sun was doing the Java deal with Netscape. Sun viewed Netscape as the vector for its Java virus, didn't care about integration with HTML -- but Bill Joy "got it" and along with Marc Anddressen supported me doing "Mocha". After a month on server side

(where I worked with the McCool twins and Ari Luotonen) I transitioned to the client team under Tom Paquin and dove into JS. On May 5, 1995, I started by implementing a JS scanner/parser in a day or so, then a bytecode interpreter (as the Livewire server product wanted to avoid recompiling from src on every request). I also wrote a decompiler (this bit back; my friend Lars Thomas Hansen formerly of Opera had similar experience). I was aiming for demo day, Monday, May 15, 1995, & hit the target.

My demo was a "JS console" via a javascript:-URL-addressed post-method build-in form request handler. The first JS console. After showin basic math and the recursive Fibonacci function, I had a crash, which I back-traced in gdb and joked "everyone's to blame!" as my code, Lou Montulli's netlib, Eric Bina's layout engine, and jwz's X front end were all on-stack, lol.

I had designs on ebina's layout code, but it parsed very quickly (modems!) into a flat display-list-like structure - no hierarchy.

Follow

So the "DOM level 0" was very flat: document.{links,forms,anchors,tables} and indexing deeper from there. The ability to script form submit gestures was great. The Image constructor came later, in Netscape 3 -- along with <script src=> -- but even in NS2 people could build "Single Page Applications" (SPAs) via frames/framesets/onclick=javascript: URLs. It was awesome. Also crashy and insecure as hell.

I reckoned based on Butler Lampson papers that I needed a pricipal identifer: scheme:host:port

· · Web · 0 · 5 · 5

The "same-origin policy" was born. My aim was to restrict access via reference (JS strong ref in GC heap, equivalent to Object Capability Security "capability") to same-origin objects, plus a few exceptions such as another frame or window whose location object one could navigate. I wanted to enable origins to implement JS apps whose subframes could load content from distinct origins, but still control the navigation from the top level. This worked to a greater extent than I expected; also, XSS!

(correction: s/tables/images/ -- tables were not reified in the early DOM but their image/form/link/anchor contents were. fun bug where ebina's 2^n table layout nesting depth n created n instances from one markup element, which combined with radio-button-inspired auto-arraying of multiple same-name= attribute value element objects. last one pushed was the real one!)

@BrendanEich thank you for sharing, Brendan! 22 years! Congrats 😌

@BrendanEich I still remember how I was amazed seeing Netscape Enterprise Server 2.0 or maybe 3.0 cool JS interface

Sign in to participate in the conversation
Mastodon

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!