Basic HTML version of Foils prepared 11 March 99

Foil 14 Data Tainting

From Overview of JavaScript II -- From Cookies to Dynamical HTML CPS616 Technologies of the Information Age -- Spring Semester 99. by Geoffrey C. Fox (Tom Scavo)
1 Data tainting, an alternative to the Same Origin Policy, was experimentally implemented in NN3.0
2 Data tainting allows access to private data (e.g., history[] array) but forbids "export" of this data over the Internet
3 Both data and methods may be tainted
  • In principle one could selectively control access but in practice it never worked as too hard to "untaint"
4 Tainting was extremely clumsy and has been disabled in NN4, in favor of signed scripts
in Table To:

© Northeast Parallel Architectures Center, Syracuse University, npac@npac.syr.edu

If you have any comments about this server, send e-mail to webmaster@npac.syr.edu.

Page produced by wwwfoil on Thu Mar 11 1999