1 | Since JavaScript does not have internal protection mechanisms like Java, e.g., protected and private, and object properties including methods can be changed at runtime, simple signing of scripts is sometimes not secure enough. |
2 | Different scripts from different principals on the same page can change each other's behaviour. |
3 | Security of the JavaScript is ensured by the following assumption: |
4 | Mixed scripts on an HTML page operate as if they were all signed by the intersection of the principals that signed each script. |
5 | For example, assume principals A and B have signed one script, but only principal A signed another script. In this case, a page with both scripts acts as if it were signed by only A. |
6 |