please dont rip this site

JavaScript: The Definitive Guide

Previous Chapter 20
JavaScript Security
Next
 

20.3 The domain Property

As we've seen, Navigator 2.0.2 and later implement a very general security hobble intended to blanket an entire category of security holes: scripts from one server cannot read properties of windows or documents from another server. This is quite a severe restriction, and poses problems for large web sites that use more than one server. For example, a script from home.netscape.com might legitimately want to read properties of a document loaded from developer.netscape.com. While this seems like a reasonable and secure thing to do, the hobble does not allow it.

In order to support large web sites of this sort, Navigator 3.0 slightly relaxes the security hobble by introducing the domain property of the Document object. Internet Explorer 3.0 does not implement this property, but, as noted above, it also does not implement the problematic security hobble. By default, the domain property is the same as the hostname of the web server from which the document was loaded. You can set this property, but only to a string that is a valid domain suffix of itself. Thus, if domain is the string "home.netscape.com", you can set it to the string "netscape.com", but not to "home.netscape" or "cape.com", and certainly not to "microsoft.com".

If two windows contain scripts that both set their domain to the same value, then the security hobble will be relaxed for these two windows and in each of windows may read properties from the other.


Previous Home Next
Security Holes and Security Hobbles Book Index The Data-Tainting Security Model

HTML: The Definitive Guide CGI Programming JavaScript: The Definitive Guide Programming Perl WebMaster in a Nutshell

file: /Techref/language/JAVA/SCRIPT/definitive/ch20_03.htm, 4KB, , updated: 2019/10/14 15:00, local time: 2024/11/19 19:29,
TOP NEW HELP FIND: 
18.191.186.12:LOG IN

 ©2024 These pages are served without commercial sponsorship. (No popup ads, etc...).Bandwidth abuse increases hosting cost forcing sponsorship or shutdown. This server aggressively defends against automated copying for any reason including offline viewing, duplication, etc... Please respect this requirement and DO NOT RIP THIS SITE. Questions?
Please DO link to this page! Digg it! / MAKE!

<A HREF="http://linistepper.com/Techref/language/JAVA/SCRIPT/definitive/ch20_03.htm"> [Chapter 20] 20.3 The domain Property</A>

After you find an appropriate page, you are invited to your to this massmind site! (posts will be visible only to you before review) Just type a nice message (short messages are blocked as spam) in the box and press the Post button. (HTML welcomed, but not the <A tag: Instead, use the link box to link to another page. A tutorial is available Members can login to post directly, become page editors, and be credited for their posts.


Link? Put it here: 
if you want a response, please enter your email address: 
Attn spammers: All posts are reviewed before being made visible to anyone other than the poster.
Did you find what you needed?