Services & Software

IE competitors mull ActiveX alternative

Mozilla, Opera, Apple, Sun and Macromedia plot a way for non-Microsoft browsers to run scriptable plug-ins.

Everybody who is anybody who is not Microsoft has joined forces to create a new way of running software applications inside a Web browser.

At stake is the future of Web "plug-ins," third-party programs such as Macromedia's Flash animation software that operate within browsers. Microsoft's rivals want to enhance plug-ins to match capabilities available in Internet Explorer through Microsoft's ActiveX technology.

The Mozilla Foundation, Opera Software and Apple Computer--all browser makers--said on Wednesday that they have teamed up with plug-in vendors Sun Microsystems, Adobe Systems and Macromedia to revise the way plug-ins run in non-Microsoft browsers.

ActiveX lets plug-ins interact directly with the content on a Web page, creating a powerful tool that's gained notoriety for repeated security problems. Using ActiveX, a music Web page can play a song list through Microsoft's Windows Media Player plug-in, or a Flash e-commerce movie can send price totals back to a billing Web page.

The rest of the browser world has long relied on the NPAPI (Netscape Plug-in Application Programming Interface) to launch plug-ins.

The Mozilla Foundation is an open-source group developing browser code that originated with Netscape Communications before Netscape was acquired by America Online. Last year, AOL spun off the open-source group as a nonprofit foundation and renewed its browser ties with Microsoft.

"There's currently a hole in what's available, if you're not willing to be part of the Microsoft ActiveX world," said Mozilla Foundation President Mitchell Baker. "That's existed for a while and appeared to be difficult to fix, but we made the decision to gather up the players and fix it not only for Mozilla, but (also) for the rest of the browser and plug-in providers."

Mozilla's update to the NPAPI relies on a World Wide Web Consortium (W3C) recommendation called the DOM, or Document Object Model. The DOM is designed to let scripting languages like JavaScript act directly on elements of a Web page.

Microsoft's powerful and proprietary ActiveX technology has long been faulted for its lack of security. Mozilla said its updated NPAPI would address security concerns head-on but did not say how.

Baker said her group would start implementing the new NPAPI in nightly builds of the Mozilla code base over the next few weeks, before entering a testing phase. The technology won't be usable until plug-in vendors support it, and Baker said there is no time frame for that phase of the upgrade.

Scripting aficionados hailed the partnership.

"It's good news that there's cooperation from Mozilla, Opera and the other players," said Dave Winer, the owner of Scripting News and, until tomorrow, at the Berkman Center for the Internet & Society at Harvard Law School. "And it's just generally a very good thing to see the Web going forward as a platform and making progress."