JavaScript Security
Downloading and running programs written by unknown vendors from the Internet can be dangerous.
You may find a program on the Internet that looks useful and download it to your system. While you download that software, however, spyware or a virus can be installed on your system.
JavaScript Security Model
JavaScript code provides access to documents or programs available on different websites. However, it follows the JavaScript security model, which is based upon Java.
According to the JavaScript security model, JavaScript uses a security policy, which is a set of rules that allows you to perform different kinds of actions under different circumstances. For example, when you try to use the window.close() method on the main browser window, a confirmation box appears asking whether you really want to allow the window to be closed. This situation is one aspect of JavaScript security.
Types of Security Policies in JavaScript
There are two security policies in JavaScript:
- Same-origin
- Signed-script
Same-Origin Policy in JavaScript
The same-origin policy is the primary JavaScript security policy. It is also known as the single-origin policy or same-site policy.
Under the same-origin policy, when a script in one web page attempts to access the properties or methods of another web page, the browser performs a same-origin check on the URLs of the two pages. The properties and methods can be accessed only if the URL of the new web page has the same origin as the previous web page.
If the URL of the new web page does not have the same origin, an error is thrown. Two web pages have the same origin if they are loaded from the same server using the same protocol and port number.
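The comparison described above (same server, same protocol, same port number) can be written out as follows. This is an added example, not code from the original tutorial: the function names originTuple, originMismatch and sameOrigin are hypothetical, and all example.com URLs are constructed samples.

```javascript
// Added illustration: compares two URLs the way the same-origin check
// described above does (protocol, host, port). All URLs are constructed.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Returns {protocol, host, port}, or null when the URL is unparsable or
// uses a scheme with no host-based origin (data:, file:, ...).
function originTuple(href) {
  let u;
  try {
    u = new URL(href);
  } catch (e) {
    return null;
  }
  if (!(u.protocol in DEFAULT_PORTS)) return null;
  // URL lowercases the host and reports a default port as "", so fill it in.
  return {
    protocol: u.protocol,
    host: u.hostname,
    port: u.port || DEFAULT_PORTS[u.protocol],
  };
}

// Lists the components that differ; an empty list means same origin.
function originMismatch(a, b) {
  const x = originTuple(a);
  const y = originTuple(b);
  if (!x || !y) return ["no-origin"];
  return ["protocol", "host", "port"].filter((k) => x[k] !== y[k]);
}

function sameOrigin(a, b) {
  return originMismatch(a, b).length === 0;
}

const page = "http://www.example.com/dir/page.html";
const samples = [
  "http://www.example.com/other/index.html",   // different path only
  "http://WWW.EXAMPLE.COM:80/dir/page.html",   // host case, explicit default port
  "https://www.example.com/dir/page.html",     // different protocol
  "http://www.example.com:8080/dir/page.html", // different port
  "http://api.example.com/dir/page.html",      // different host
  "data:text/html,<p>hi</p>",                  // no host-based origin
];
for (const other of samples) {
  const diff = originMismatch(page, other);
  console.log(other, "->", diff.length ? "blocked: " + diff.join(", ") : "same origin");
}
```

Comparing the raw `origin` strings of two URL objects instead would treat two data: URLs as equal, because both report the string "null"; the explicit null check above avoids that.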
Signed-Script Policy in JavaScript
In the signed-script policy, you create a named policy and then apply that policy to a specific list of web sites.
You can define a list of trusted sites to which you are willing to grant certain extended privileges.