History Repeating Itself (again)
Leaving aside for a moment the irony of the headline "Microsoft asking for help to fix its own buggy software", does it not strike anyone else that this whole Web2 (or indeed Web1) business has all been done before and rejected?
Back in the old days, someone came up with the clever idea of RPCs (Remote Procedure Calls). Great idea - you could get computer A to execute a program on computer B just by asking it. Any program you like, if you configured it that way. A great idea. Until someone pointed out that actually it represented a gaping security and stability risk!
Fast forward, oh, I dunno..., 20 years? And we have web browsers executing all manner of crud downloaded from a multitude of remote servers somewhere. Is it any wonder at all that there is a security / stability problem? The model is fundamentally insecure by design and it can only get worse.
And the answer is? I don't think there is one, except to stop using this model, push more of the functionality back to the server (thin clients, anyone?) and, if (I say IF) you want to accept that you need _some_ kind of scripting on the client, reduce its scope considerably to just some very basic, restricted operations that can be easily verified not to cause a problem or open up a security hole. Or better still, get rid of the scripting altogether and build this functionality into the browser / comms protocol where it can't be tampered with.