JavaScript Security

There have been several important changes to JavaScript security in Navigator 3.0. See JavaScript Security for complete details.

• The Document.domain() property allows large websites that use multiple web servers to circumvent the restriction that scripts from one host can't read the properties of windows or documents that come from another host.
• A new security model, based on data tainting, is experimental in Navigator 3.0. When enabled, this new model makes significant changes to the security restrictions placed on JavaScript programs. It also makes new properties and array elements of the History object available, and allows the value property of the Password object to be read.
• The taint() and untaint() functions were added in Navigator 3.0 as part of the new data-tainting security model. The taintEnabled() method of the Navigator object was also added.