I am still learning all of this and am not up on javascript as much as I should be, but I do have a question regarding its capabilities.

The question is can javascripts in the wrong hands implement permanent changes to a users system? I know about the sandbox theory Sun advertises but I have heard comments which led me to ask.

I know javascript can’t reformat a hard drive or do other virus activities, but can it change a browsers homepage or initiate other changes the user may not want?

What prompted me to ask this is there is a lot of concern on the Ebay message boards these days. Every scam artist in the world has targeted Ebay users recently and the con is to send fraudulent email to users that is indistinguishable from ebay’s.

The scare is that hitting the link on this email will take you to a site where the user could have a key mapper program or some other spyware loaded on their machine that security software might not detect.

The reason I am asking is the site I am working on uses a reasonable amount of javascript. My concern is if users see this as a threat they will disable java and kill most of the features like mortgage calculators, etc.

So how far can javascript really go?

If it can change browser home pages or other settings without the users consent, it is going to be disabled by most people as soon as word gets out.