• Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint
Share this Page URL

Chapter 1. JavaScript Pocket Reference > JavaScript Security Restrictions

1.13. JavaScript Security Restrictions

For security reasons, there are restrictions on the tasks that untrusted JavaScript code can perform. In Navigator 4, signed scripts can circumvent these restrictions by requesting certain privileges:

Same origin policy

Scripts can only read properties of windows and documents that were loaded from the same web server unless they have UniversalBrowserRead.

User's browsing history

Scripts cannot read the array of URLs from the History object without UniversalBrowserRead.

File uploads

Scripts cannot set the value property of the FileUpload form element without UniversalBrowserRead.

Sending email and posting news

Scripts cannot submit forms to a mailto: or news: URL without user confirmation or UniversalSendMail.

Closing windows

A script can only close browser windows that itcreated, unless it gets user confirmation or has UniversalBrowserWrite.

Snooping in the cache

A script cannot load any about: URLs, such as about:cache, without UniversalBrowserRead.

Hidden windows and window decorations

A script cannot create small or offscreen windows or windows without a titlebar, and cannot show or hide window decorations without UniversalBrowserWrite.

Intercepting or spoofing events

A script cannot capture events from windows or documents from a different server and cannot set the fields of an Event object without UniversalBrowserWrite.

Reading and setting preferences

A script cannot read or write user preferences using Navigator.preference() without UniversalPreferencesRead or UniversalPreferencesWrite.



Not a subscriber?

Start A Free Trial

  • Creative Edge
  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint