Questions tagged [javascript-security]

JavaScript is designed as an open scripting language. It is not intended to replace proper security measures, and should never be used in place of proper encryption.

JavaScript has its own security model, but this is not designed to protect the Web site owner or the data passed between the browser and the server. The security model is designed to protect the user from malicious Web sites, and as a result, it enforces strict limits on what the page author is allowed to do. They may have control over their own page inside the browser, but that is where their abilities end.

45 questions
30 votes, 1 answer

Why same origin policy for XMLHttpRequest

Why do browsers apply the same origin policy to XMLHttpRequest? It's really inconvenient for developers, but it appears it does little in actually stopping hackers. There are workarounds, they can still include JavaScript from outside sources (the…
Bart van Heukelom
7 votes, 1 answer

How do I securely update a remote database from inside a Chrome extension?

I am having a really hard time figuring this out. Spent around 4 hours crawling the web, no SO post to save me. Imagine a scenario: I have already written a Chrome extension that captures some particular actions on the webpage (mainly a button…
whizzzkid
5 votes, 3 answers

Why can we link to JS files on another domain?

Why is it that when we link to a JavaScript file on x.com from y.com (for example Google Analytics or jQuery) it doesn't cause any cross domain security issues? For example: in y.com/index.html we have: