There have been several important changes to JavaScript security
in Navigator 3.0. See Chapter 20, JavaScript Security for
complete details.
- The Document.domain() property allows large
web sites that use multiple web servers to circumvent the
restriction that scripts from one host can't read the
properties of windows or documents that come from another
host.
- A new security model, based on data tainting, is experimental
in Navigator 3.0. When enabled, this new model makes
significant changes to the security restrictions placed on
JavaScript programs. It also makes new properties and array
elements of the History object available, and allows the
value property of the Password object to be
read.
- The taint() and
untaint() functions were added in Navigator
3.0 as part of the new data-tainting security model. The
taintEnabled() method of the Navigator
object was also added.
