JavaScript Resource Center: JavaScript Security

JavaScript Security

http://www.darknet.org.uk/2006/04/ajax-is-your-application-secure-enough/

Blog entry: "AJAX: Is Your Application Secure Enough?" by Navaho Gunleg (April 5, 2006). Discusses the security risks involved when using the XmlHttpRequest-class or object in your web applications. Topics include a basic introduction to AJAX, determining if the AJAX-enabled web-application can tell the difference between a real and a fake XmlHttpRequest, and the author's predictions.

JavaScript Security

http://www.phpfreaks.com/javascript_manual/page/sec.htm

Sample chapter: "JavaScript Security," from the e-book, Client-Side JavaScript Guide, discusses the security models in the different versions of JavaScript. Topics covered in the chapter include same origin policy, using signed scripts and using data tainting.

JavaScript Security in Mozilla

http://www.mozilla.org/projects/security/components/jssec.html

"JavaScript Security in Mozilla," by John Taylor discusses the same origin policy, the signed script policy, using expanded privileges, writing the script, signing scripts, troubleshooting signed scripts, exception handling and debugging invalid signature errors.

JavaScript Security Articles

http://www.devarticles.com/c/a/JavaScript/JavaScript-Security/

JavaScript security articles discusses exceptions to and problems with same-origin policy, signed scripts in Mozilla browsers, signed script practicalities, security zones in Internet Explorer, ActiveX controls, browser security problems with JavaScript, cross-site scripting and preventing cross-site scripting.

< BACK 1 of 1 NEXT >