Navigator 3.0 with data tainting enabled
taint() taint(value)
The value for which a tainted copy is to be made. If this argument is not specified, then taint() adds taint to the current window instead.
A tainted copy of value, if it is a primitive data type, or a tainted reference to value, if it is an object type.
The taint() function is used when the data-tainting security model is in effect. See Chapter 20, JavaScript Security for details on this security model. JavaScript automatically associates taint with data values that are potentially private, and which should not be "stolen" by scripts. If you have additional sensitive data that is not automatically tainted by JavaScript, you can add taint to it with the taint() function.
taint() does not taint the value it is passed; instead, it returns a tainted copy of that value, or a tainted reference to that value for object types. (Note that taint is associated with primitive values and with references to objects, not with the objects themselves.)
Sometimes taint is carried not by data values, but by the control flow of a program. In this case, you may want to add taint to the entire window in which JavaScript code runs. You can do this by calling taint() with no arguments.
This HTML Help has been published using the chm2web software. |