4.20 JAVASCRIPT SECURITY

A web browser is a complex piece of software, and JavaScript is a powerful scripting language. It is no surprise that the interaction between the two is highly complex, and that complexity opens up potential security holes. However, the language itself tries to provide certain precautions.

The window object gives the JavaScript programmer a great deal of control.

4.20.1 File Handling and Execution

JavaScript cannot read files from the file server (except for cookies). Similarly, it cannot write any file into the file system (except through server-side programs). Likewise, it cannot execute any program in the file system.

4.20.2 Same Origin Policy

This security policy applies to client-side scripting ...
