We have come full circle #applets
Twenty years ago running java in the browser would have just been called "using the internet"
replies(3):
We have come full circle #applets
Twenty years ago running java in the browser would have just been called "using the internet"
Yep, the original Minecraft ran in the browser in a Java applet so this is particularly fun example. Though obviously there are significant security benefits to the JVM running within the browser's WASM sandbox instead of directly on the host.
> there are significant security benefits to the JVM running within the browser's WASM sandbox instead of directly on the host.
The JVM originally also had the goal of providing a security boundary, and even had a relatively complicated permissions/security model enforced via call stack inspection.
That security model was ultimately too complicated for developers to work with, but I don't think the sandbox itself was particularly insecure.
My recollection is that the SecurityManager was notorious for being relatively easy to work around. Definitely one of the common questions people had when working on the richer HTML5 APIs was "how is your sandboxing going to be more effective than the Java applet model, given that that's known to be full of holes?"