The ARCHIVE attribute described above hints at another major change in JavaScript 1.2: a new security model. The experimental data tainting model has been discarded, and replaced with the more robust model used by Java applets. The model is conceptually fairly simple: JavaScript code signed by an entity that the user has declared to be trusted can have privileges that untrusted code does not. Those privileges include things like viewing the contents of the History array and submitting forms by e-mail. Essentially, the "hobbles" imposed on untrusted code are lifted for trusted code. In order to take advantage of these new capabilities, JavaScript code must be digitally signed, included in a JAR file, and it must use LiveConnect to invoke Java methods that temporarily enable additional privileges.
file: /Techref/language/java/SCRIPT/definitive/appe_03.htm, 3KB, , updated: 2019/10/14 15:00, local time: 2024/11/27 02:53,
18.222.78.65:LOG IN
|
©2024 These pages are served without commercial sponsorship. (No popup ads, etc...).Bandwidth abuse increases hosting cost forcing sponsorship or shutdown. This server aggressively defends against automated copying for any reason including offline viewing, duplication, etc... Please respect this requirement and DO NOT RIP THIS SITE. Questions? <A HREF="http://techref.massmind.org/Techref/language/java/SCRIPT/definitive/appe_03.htm"> [Appendix E] E.3 Code Signing Security Model</A> |
Did you find what you needed? |
Welcome to massmind.org! |
Welcome to techref.massmind.org! |
.