Core function | |
Implemented in | Navigator 3.0; removed in Navigator 4.0 |
Syntax
untaint(dataElementName)
Parameters
dataElementName | (Optional) The property, variable, function, or object to remove tainting from. If omitted, taint is removed from the script itself. |
Description
Tainting prevents other scripts from passing information that should be secure and private, such as directory structures or user session history. JavaScript cannot pass tainted values on to any server without the end user's permission.
Use untaint to clear tainting that marks data that should not be sent by other scripts to different servers.
A script can untaint only data that originated in that script (that is, only data that has the script's taint code or has the identity (null) taint code). If you use untaint with a data element from another server's script (or any data that you cannot untaint), untaint returns the data without change or error.
In some cases, control flow rather than data flow carries tainted information. In these cases, taint is added to the script's window. You can remove taint from the script's window by calling untaint with no arguments, if the window contains taint only from the current window.
untaint does not modify its argument; instead, it returns an unmarked copy of the value, or, for objects, an unmarked reference to the value.
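The ownership and copy rules described above, as a small model in present-day JavaScript. This is an added example, not Netscape's code: `DataElement`, `modelUntaint`, `needsUserPermission` and the `a.example`/`b.example` origins are hypothetical, and representing a taint code as an origin string is an assumption.

```javascript
// Model only: Navigator's internals are not shown on this page.
// Assumption: a taint code is the origin string of the script that produced
// the data; null stands for the identity (null) taint code, i.e. unmarked.
class DataElement {
  constructor(value, taintCode) {
    this.value = value;
    this.taintCode = taintCode;
    Object.freeze(this); // untaint never modifies its argument
  }
}

// Ownership rule: a script may clear only its own taint code or the identity
// code. Anything else comes back unchanged and no error is raised.
function modelUntaint(element, callerOrigin) {
  const owned = element.taintCode === null || element.taintCode === callerOrigin;
  return owned ? new DataElement(element.value, null) : element;
}

// Tainted values cannot reach any server without the end user's permission.
function needsUserPermission(element) {
  return element.taintCode !== null;
}

// Constructed sample: two scripts loaded from different servers.
function demo() {
  const A = "http://a.example"; // hypothetical origins
  const B = "http://b.example";
  const status = new DataElement("order 1138 pending", A);

  const byOwner = modelUntaint(status, A); // owner clears its own taint
  const byOther = modelUntaint(status, B); // foreign script: silent no-op
  return {
    ownerCopyIsNew: byOwner !== status,
    ownerCopyNeedsPrompt: needsUserPermission(byOwner),
    originalStillTainted: needsUserPermission(status),
    otherGotSameElement: byOther === status,
    otherStillNeedsPrompt: needsUserPermission(byOther),
  };
}

console.log(demo());
```

Because the foreign-script call returns without error, the return value alone does not tell the caller whether the taint was cleared.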
Examples
The following statement removes taint from a property so that a script can send it to another server:
untaintedStatus=untaint(window.defaultStatus)
// untaintedStatus can now be sent in a URL or form post by other
// scripts
See also
navigator.taintEnabled, taint
Last Updated: 10/31/97 16:38:00