jesh Posted November 28, 2006 Share Posted November 28, 2006 Can someone help me understand what this is/was supposed to do?http://www.w3schools.com/htmldom/met_nav_taintenabled.aspWhat exactly is "data tainting"? Link to comment Share on other sites More sharing options...
aspnetguy Posted November 29, 2006 Share Posted November 29, 2006 this is the only thing I could find Navigator version 2.02 and later automatically prevents scripts on one server from accessing properties of documents on a different server. This restriction prevents scripts from fetching private information such as directory structures or user session history.JavaScript for Navigator 3.0 has a feature called data tainting that retains the security restriction but provides a means of secure access to specific components on a page. * When data tainting is enabled, JavaScript in one window can see properties of another window, no matter what server the other window's document was loaded from. However, the author of the other window taints (marks) property values or other data that should be secure or private, and JavaScript cannot pass these tainted values on to any server without the user's permission. * When data tainting is disabled, a script cannot access any properties of a window on another server.In Navigator 4.0, data tainting has been removed. Instead, Navigator 4.0 provides signed JavaScript scripts for more reliable and more flexible security. Link to comment Share on other sites More sharing options...
jesh Posted November 29, 2006 Author Share Posted November 29, 2006 However, the author of the other window taints (marks) property values or other data that should be secure or private, and JavaScript cannot pass these tainted values on to any server without the user's permission.Interesting. I would have guessed it was more like "dirty" data where the user had modified one or more fields in a form and it would tell the server which fields needed to be updated in the database - or something along those lines.So as of Navigator 4.0, this concept no longer exists in the browsers?I just found this:The data tainting security modelNetscape Navigator 3 introduced the short-lived concept of data tainting. When enabled, data tainting allowed one browser window to see the properties of another window regardless of what server the window was loaded from. The author of the second page needed to mark which properties where tainted and therefore could not be passed on to a server. Although it was an interesting idea, it required defensive coding, and the client had to enable data tainting.Funny that they'd come up with "taint": taintTo affect with or as if with a disease. To affect with decay or putrefaction; spoil. To corrupt morally. To affect with a tinge of something reprehensible. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now