Basic HTML version of Foils prepared 11 March 99

Foil 14 Data Tainting

From Overview of JavaScript II -- From Cookies to Dynamical HTML CPS616 Technologies of the Information Age -- Spring Semester 99. by Geoffrey C. Fox (Tom Scavo)
Data tainting, an alternative to the Same Origin Policy, was experimentally implemented in NN3.0
Data tainting allows access to private data (e.g., history[] array) but forbids "export" of this data over the Internet
Both data and methods may be tainted
  • In principle one could selectively control access but in practice it never worked as too hard to "untaint"
Tainting was extremely clumsy and has been disabled in NN4, in favor of signed scripts

© Northeast Parallel Architectures Center, Syracuse University, npac@npac.syr.edu

If you have any comments about this server, send e-mail to webmaster@npac.syr.edu.

Page produced by wwwfoil on Thu Mar 11 1999