Jump to content

Taint?


jesh

Recommended Posts

this is the only thing I could find

Navigator version 2.02 and later automatically prevents scripts on one server from accessing properties of documents on a different server. This restriction prevents scripts from fetching private information such as directory structures or user session history.JavaScript for Navigator 3.0 has a feature called data tainting that retains the security restriction but provides a means of secure access to specific components on a page. * When data tainting is enabled, JavaScript in one window can see properties of another window, no matter what server the other window's document was loaded from. However, the author of the other window taints (marks) property values or other data that should be secure or private, and JavaScript cannot pass these tainted values on to any server without the user's permission. * When data tainting is disabled, a script cannot access any properties of a window on another server.In Navigator 4.0, data tainting has been removed. Instead, Navigator 4.0 provides signed JavaScript scripts for more reliable and more flexible security.
Link to comment
Share on other sites

However, the author of the other window taints (marks) property values or other data that should be secure or private, and JavaScript cannot pass these tainted values on to any server without the user's permission.
Interesting. I would have guessed it was more like "dirty" data where the user had modified one or more fields in a form and it would tell the server which fields needed to be updated in the database - or something along those lines.So as of Navigator 4.0, this concept no longer exists in the browsers?I just found this:
The data tainting security modelNetscape Navigator 3 introduced the short-lived concept of data tainting. When enabled, data tainting allowed one browser window to see the properties of another window regardless of what server the window was loaded from. The author of the second page needed to mark which properties where tainted and therefore could not be passed on to a server. Although it was an interesting idea, it required defensive coding, and the client had to enable data tainting.
Funny that they'd come up with "taint":
taint
  1. To affect with or as if with a disease.
  2. To affect with decay or putrefaction; spoil.
  3. To corrupt morally.
  4. To affect with a tinge of something reprehensible.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...