Sometime on downloading and running any programs, which are written by unknown vendors, from the Internet can be dangerous.
You can find any program on Internet, which is beneficial for you. Then you will download that program/software to your system. But while downloading that software some spyware or a virus can install on your system.
A JavaScript code provides the access to the documents or programs available on different websites. However, it follows JavaScript security model that is based upon Java.
According to JavaScript security model, JavaScript uses a security policy that is a set of rules allows you to perform different kind of
actions under different circumstances. For example, when you try to use the window.close() method on the main browser window,
a confirmation box appears prompting if you really want to allow the window to be closed. This situation is one of the aspects of JavaScript
security.
There are two security policies in JavaScript:
The same-origin policy is the primary JavaScript security policy. It is also known as single-origin policy or same-site policy.
In same-origin policy, when a script attempts to access the properties or methods of a web page from some other web page, then the browser performs the same-origin check on the URLs of the different web pages. And if the URL of the new web page has the same origin as the previous web page, then only the properties and methods can be accessed.
If the URL of the new web page does not have the same origin, then an error is thrown. Two different web pages have the same origin if they are loaded from the same server by using the same protocol and port number.
In the signed-script policy, you create a named policy and then apply that policy to a specific list of web sites.
You can define a list of trusted sites to which you are willing to grant certain extended privileges.