Proof-carrying code is a fine idea, but the proofs for JS programs get into subtle security ideas, confidentiality and integrity being the big two. Information-flow type systems can address this, but I'm not sure I would call them production ready.
Moreover, Javascript is already a very low bar to set in terms of security, and there are still serious compatibility issues between implementations.
Finally, the fact that the web is human-readable is a boon. Who will standardize the bytecode representation? Our benevolent Macromedia/Adobe overlords? Microsoft? The W3C?
Moreover, Javascript is already a very low bar to set in terms of security, and there are still serious compatibility issues between implementations.
Finally, the fact that the web is human-readable is a boon. Who will standardize the bytecode representation? Our benevolent Macromedia/Adobe overlords? Microsoft? The W3C?