Core function
Implemented in | Navigator 3.0; removed in Navigator 4.0 |
Syntax
taint(dataElementName)
Parameters
dataElementName | (Optional) The property, variable, function, or object to taint. If omitted, taint is added to the script itself. |
Description
Tainting prevents other scripts from passing information that should be secure and private, such as directory structures or user session history. JavaScript cannot pass tainted values on to any server without the end user's permission.
Use taint to mark data that otherwise is not tainted.
In some cases, control flow rather than data flow carries tainted information. In these cases, taint is added to the script's window. You can add taint to the script's window by calling taint with no arguments.
taint does not modify its argument; instead, it returns a marked copy of the value, or, for objects, an unmarked reference to the value.
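The behavior described above can be modelled in present-day JavaScript. This is an added illustration, not code from the original reference and not Navigator's implementation; the names Tainted, isTainted, makeScript, send and userPermits are hypothetical, and the sample strings are constructed.

```javascript
// Toy model of the semantics described above; NOT Navigator's implementation.
// Tainted, isTainted, makeScript and send are hypothetical names for this sketch.
class Tainted {
  constructor(value) { this.value = value; }
  valueOf() { return this.value; }
  toString() { return String(this.value); }
}

const isTainted = (v) => v instanceof Tainted;

// Each "script" gets its own flag standing in for taint on the script's window.
function makeScript() {
  const script = { windowTainted: false };

  script.taint = function (...args) {
    if (args.length === 0) {          // no argument: taint the script's window itself
      script.windowTainted = true;
      return undefined;
    }
    const v = args[0];
    // Objects (and functions): the same reference comes back, unmarked.
    if (v !== null && (typeof v === "object" || typeof v === "function")) return v;
    return new Tainted(v);            // other values: a marked copy, original untouched
  };

  // Sink standing in for a URL load or form post to a server.
  // userPermits models the end user's answer to the permission prompt.
  script.send = function (value, userPermits = false) {
    const needsPermission = script.windowTainted || isTainted(value);
    if (needsPermission && !userPermits) {
      return { sent: false, reason: "tainted: end user's permission required" };
    }
    return { sent: true, payload: String(value) };
  };
  return script;
}

// Constructed sample data.
const s = makeScript();
const defaultStatus = "Welcome back, alice";
const taintedStatus = s.taint(defaultStatus);
console.log(s.send(defaultStatus));        // argument was not modified: sent
console.log(s.send(taintedStatus));        // marked copy: blocked
console.log(s.send(taintedStatus, true));  // end user permits: sent
s.taint();                                 // control-flow case: taint the window
console.log(s.send("plain"));              // now every send needs permission
```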
Examples
The following statement adds taint to a property so that a script cannot send it to another server without the end user's permission:
taintedStatus=taint(window.defaultStatus)
// taintedStatus now cannot be sent in a URL or form post without
// the end user's permission
See also
navigator.taintEnabled, untaint
Last Updated: 10/31/97 16:38:00