| 1 |
Tainting ensures that certain properties cannot be freely used
|
| 2 |
These "taintable" properties include cookie, links, title, etc in document; most interesting properties of forms; history; location
|
| 3 |
Once you access such a property from a SERVER different from that which spawned the JavaScript page, your current statement and everything derived from it is "tainted"
-
Checking to see if a variable is tainted, taints your program and so one cannot write useful JavaScript programs involving tainted quantities and networking
|
| 4 |
Tainted variables may NOT be passed over the network to other servers, e.g., to a CGI Script
|
| 5 |
You can control the tainting of pages and untaint them so that remote servers can freely use them
-
However I don't think anybody does this ...
|
