JavaScript: The Definitive Guide

Chapter 1: Introduction to JavaScript

1.7 JavaScript Security

Early versions of client-side JavaScript were plagued with security problems. In Navigator 2.0, for example, it was possible to write JavaScript code that would automatically steal the email address of any visitor to the page containing the code. More worrisome was the related capability to send email in the visitor's name, without the visitor's knowledge or approval. This was done by defining an HTML form with a mailto: URL as its ACTION attribute and POST as its submission method. With this form defined, JavaScript code could then call the form object's submit() method when the page containing the form was first loaded. This would automatically generate mail in the visitor's name to any desired address. The mail would contain the visitor's email address, which could be stolen for use in Internet marketing, for example. Furthermore, by setting appropriate values within the form, this malicious JavaScript code could send a message in the user's name to any email address.
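The pattern described above (a form whose ACTION is a mailto: URL, submitted with POST by script rather than by the user) can be checked for statically. The following is an added example, not code from the book; the names FormAudit and audit, the severity labels and the two sample pages are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

SUBMIT_CALL = re.compile(r"\.submit\s*\(")  # script-driven form submission


class FormAudit(HTMLParser):
    """Collect each form's target and note any script that calls submit()."""

    def __init__(self):
        super().__init__()
        self.forms = []             # (action, method) for every <form>
        self.script_submit = False  # True if any script or on* handler calls submit()
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self.forms.append((a.get("action", "").strip(),
                               (a.get("method") or "get").lower()))
        elif tag == "script":
            self._in_script = True
        # Inline handlers such as <body onload="..."> also run without a click.
        if any(k.startswith("on") and SUBMIT_CALL.search(v) for k, v in a.items()):
            self.script_submit = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script and SUBMIT_CALL.search(data):
            self.script_submit = True


def audit(html):
    """Return one finding per form that submits to a mailto: URL."""
    parser = FormAudit()
    parser.feed(html)
    parser.close()
    findings = []
    for action, method in parser.forms:
        if urlsplit(action).scheme == "mailto":  # urlsplit lowercases the scheme
            sev = "high" if method == "post" and parser.script_submit else "review"
            findings.append({"action": action, "method": method, "severity": sev})
    return findings

# Constructed sample pages (not taken from any real site).
SAMPLE_FLAGGED = ('<body onload="document.forms[0].submit()">'
                  '<form action="mailto:collector@example.invalid" method="POST"></form></body>')
SAMPLE_CLEAN = '<form action="/cgi-bin/feedback" method="post"><input name="msg"></form>'
```

A "high" finding means all three elements from the paragraph are present; a mailto: form without a scripted submit() is reported as "review" because the user still has to trigger it.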

Fortunately, practically all known security issues in JavaScript have been resolved in Navigator 3.0. Furthermore, Navigator 4.0 will implement a completely new security model that promises to make client-side JavaScript even more secure. Chapter 20, JavaScript Security, contains a complete discussion of security in client-side JavaScript.

