JavaScript [Electronic resources]: The Definitive Guide (4th Edition), text version


David Flanagan




21.2 Restricted Features





As I've already
mentioned, the first line of defense against malicious scripts in
client-side JavaScript is that the language simply omits certain
capabilities. The second line of defense is that JavaScript imposes
restrictions on certain features that it does support. For example,
client-side JavaScript supports a close( ) method for the
Window object, but most (hopefully all) web-browser implementations
restrict this method so that a script can close only a window that
was opened by a script from the same web server. In particular, a
script cannot close a window that the user opened; if it tries to do
so, the user is presented with a confirmation box asking if he really
wants to close the window.

The most important of these security restrictions is known as the
same-origin policy and is described in the
next section. The following is a list of the other security
restrictions found in most implementations of
client-side JavaScript. This is not a
definitive list. Each browser may have a slightly different set of
restrictions, and the proprietary features of each browser may well
have proprietary security restrictions to go along with them.


  • The History object was originally
    designed as an array of URLs that represented the complete browsing
    history of the browser. Once the privacy implications of this became
    apparent, however, all access to the actual URLs was restricted, and
    the History object was left with only its back( ),
    forward( ), and go( ) methods
    to move the browser through the history array without revealing the
    contents of the array.


  • The value property of the
    FileUpload object cannot be set.
    If this property could be set, a script could set it to any desired
    filename and cause the form to upload the contents of any specified
    file (such as a password file) to the server. (Current browsers allow
    one exception: assigning the empty string clears the selection, and
    assigning anything else throws.)


  • A script cannot submit
    a form (using the submit( ) method of the
    Form object, for example) to a mailto: or
    news: URL without the
    user's explicit approval through a confirmation dialog box.
    Such a form submission would contain the user's email address,
    which should not be made public without obtaining the user's
    permission.


  • A JavaScript program cannot close a browser window without
    user confirmation unless it opened the window itself. This prevents
    malicious scripts from calling self.close( ) to
    close the user's browsing window, thereby causing the program
    to exit.


  • A
    script cannot open a window
    that is smaller than 100 pixels on a side or cause a window to be
    resized to smaller than 100 pixels on a side. Similarly, such a
    script cannot move a window off the screen, or create a window that
    is larger than the screen. This prevents scripts from opening windows
    that the user cannot see or could easily overlook; such windows could
    contain scripts that keep running after the user thinks they have
    stopped. Also, a script may not create a browser window without a
    titlebar, because such a window could be
    made to spoof an operating-system dialog box and trick the user into
    entering a sensitive password, for example.


  • A script may not
    cause a window or frame to display an about:
    URL, such as about:cache, because these URLs can
    expose system information, such as the contents of the
    browser's cache.


  • A script
    cannot set
    any of the properties of an Event object. This
    prevents scripts from spoofing events. A script cannot register event
    listeners for, or capture events in, documents loaded from sources
    other than the script's own. This prevents scripts
    from snooping on the user's input (such as the keystrokes that
    constitute a password entry) to other pages.
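The window-geometry rules above (no side under 100 pixels, nothing larger than the screen, nothing positioned off screen, no window without a titlebar) are applied by the browser to the third argument of window.open( ), the comma-separated "name=value" features string. The following is an added example, not code from the book or from any browser: it parses that string and returns the features a browser enforcing these rules would actually apply, together with the rules the request tripped. The 100-pixel minimum comes from the text; the assumed 1280x800 screen, the treatment of left/top and screenX/screenY as aliases, and the choice to clamp rather than refuse are assumptions of this model, not the behaviour of any particular browser.

```javascript
// Added example: a model of the window.open() geometry restrictions the
// text describes. Not the implementation of any real browser.

const MIN_SIDE = 100; // minimum width/height the text describes

// Parse "width=50,height=50,left=-5000,titlebar=no" into an object.
// Numeric features become integers; boolean features accept yes/no/1/0
// (a bare name with no value means "yes").
function parseWindowFeatures(featureString) {
  const numeric = ['width', 'height', 'left', 'top', 'screenx', 'screeny'];
  const features = {};
  for (const item of String(featureString).split(',')) {
    const [rawName, rawValue] = item.split('=');
    const name = rawName.trim().toLowerCase();
    if (!name) continue;
    const value = rawValue === undefined ? 'yes' : rawValue.trim().toLowerCase();
    if (numeric.includes(name)) {
      const n = Number.parseInt(value, 10);
      if (!Number.isNaN(n)) features[name] = n;
    } else {
      features[name] = value === 'yes' || value === '1' || value === 'true';
    }
  }
  return features;
}

// Apply the restrictions for a screen of the given size (assumed default
// 1280x800). Returns the features as they would be applied and the list of
// rules the request violated.
function restrictWindowFeatures(featureString, screen = { width: 1280, height: 800 }) {
  const out = { ...parseWindowFeatures(featureString) };
  const violations = [];

  // Rule 1 and 2: no side below MIN_SIDE, no side larger than the screen.
  for (const side of ['width', 'height']) {
    if (out[side] === undefined) continue;
    if (out[side] < MIN_SIDE) {
      violations.push(`${side} below ${MIN_SIDE}px`);
      out[side] = MIN_SIDE;
    }
    if (out[side] > screen[side]) {
      violations.push(`${side} exceeds screen`);
      out[side] = screen[side];
    }
  }

  // Rule 3: the window must stay fully on screen. Netscape used
  // screenX/screenY and IE used left/top; this model treats them as aliases
  // and assumes MIN_SIDE for an unspecified dimension.
  const left = out.left ?? out.screenx ?? 0;
  const top = out.top ?? out.screeny ?? 0;
  const width = out.width ?? MIN_SIDE;
  const height = out.height ?? MIN_SIDE;
  const clampedLeft = Math.min(Math.max(left, 0), screen.width - width);
  const clampedTop = Math.min(Math.max(top, 0), screen.height - height);
  if (clampedLeft !== left || clampedTop !== top) {
    violations.push('position off screen');
  }
  out.left = clampedLeft;
  out.top = clampedTop;
  delete out.screenx;
  delete out.screeny;

  // Rule 4: a script may not remove the titlebar.
  if (out.titlebar === false) {
    violations.push('titlebar removed');
    out.titlebar = true;
  }

  return { features: out, violations };
}

// Usage: a request for a tiny, off-screen, undecorated window.
restrictWindowFeatures('width=50,height=50,left=-5000,top=10,titlebar=no');
```

A hostile features string is not an error in any browser; the request is simply adjusted, so a script cannot rely on the window being where or how large it asked for. When auditing pop-up code, read the resulting window's outerWidth, outerHeight, screenX and screenY rather than trusting the string that was passed in.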
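The last item, that a script cannot set the properties of an Event object, survives in the modern DOM: Event exposes its properties as read-only accessors, and an event a script constructs and dispatches itself carries isTrusted equal to false, which a listener can use to refuse script-generated clicks or keystrokes on a sensitive control. The following is an added example, not code from the book; it uses the standard Event and EventTarget interfaces, which are also global in Node.js 15 and later, so it runs outside a browser. The "trusted-only" listener and its log are constructed for the example.

```javascript
// Added example: why scripts cannot spoof events with the DOM Event API.
// Uses the standard Event/EventTarget globals (browser, or Node.js >= 15).

// Attempt to overwrite a read-only Event property. In strict mode the
// assignment throws a TypeError; in sloppy mode it is silently ignored.
// Either way the value is unchanged, which is the point of the restriction.
function trySpoofType(event, fakeType) {
  'use strict';
  try {
    event.type = fakeType;
    return { threw: false, type: event.type };
  } catch (err) {
    return { threw: err instanceof TypeError, type: event.type };
  }
}

// isTrusted cannot be forged either: it is an unforgeable accessor, so a
// script cannot promote its own synthetic event to a trusted one.
function trySpoofIsTrusted(event) {
  'use strict';
  try {
    event.isTrusted = true;
  } catch (err) {
    // TypeError: no setter. Fall through and report the real value.
  }
  return event.isTrusted;
}

// A listener that acts only on user-generated events. Put this kind of
// guard on a sensitive action (for instance a "confirm transfer" button)
// so that a click dispatched by script is logged and ignored.
function makeTrustedOnlyListener(log) {
  return function onEvent(event) {
    if (!event.isTrusted) {
      log.push(`rejected synthetic ${event.type}`);
      return;
    }
    log.push(`handled trusted ${event.type}`);
  };
}

// Dispatch a script-constructed click and report what the listener saw.
// In a browser a real click from the user arrives with isTrusted === true;
// from script the best an attacker can produce is isTrusted === false.
function dispatchSyntheticClick() {
  const target = new EventTarget();
  const log = []; // constructed for the example
  target.addEventListener('click', makeTrustedOnlyListener(log));
  const synthetic = new Event('click');
  target.dispatchEvent(synthetic);
  return { isTrusted: synthetic.isTrusted, log };
}

// Usage
dispatchSyntheticClick();
trySpoofType(new Event('click'), 'keydown');
```

Note what this does and does not protect: isTrusted tells a page that an event came from the user agent rather than from script on the page, but a script that can run in the page at all can usually reach the same effect by calling the handler or the underlying API directly. The check is worth having on handlers that are wired to browser-mediated actions (for example, a click that must be a user gesture), not as a substitute for keeping untrusted script out of the page.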



