
Using Signed Scripts

Every signed inline script, event handler script, or JavaScript file requires the ARCHIVE attribute on a SCRIPT tag. The attribute's value is the name of the JAR file that contains the digitally signed scripts.

For example, to sign an inline script, you would use the following syntax:

<script archive="MySignedArchive.jar" ID="a">
<!--
  ...
// -->
</script>

To import functionality from a JavaScript file that is signed, you would use the following syntax:

<script archive="MySignedArchive.jar" src="MyScriptFile.js"> </script>

Event handlers do not need to directly specify an archive attribute, but they should always follow a script tag that does. For example:

<script archive="MySignedArchive.jar" ID="a">
<!--
  ...
// -->
</script>

<form onSubmit="JavaScript: formSubmit();" ID="b">
  ...
</form>

Unless you are using more than one archive file, you need only specify the attribute value in the first script tag. For example:

<script archive="MySignedArchive.jar" ID="a"> 
<!--
  document.write( "This is a signed script." ); 
// -->
</script>

<script ID="b"> 
<!--
  document.write( "This is also a signed script." ); 
// -->
</script>

Every signed inline and event handler script requires an ID attribute. The ID is a unique string that identifies the script to its signature in the JAR file. Each ID is unique to each JAR file—no two script tags can use the same JAR file and have the same ID. On the other hand, two script tags using different JAR files can have the same ID.
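The ARCHIVE and ID rules above can be checked mechanically before a page goes to the signing step. The linter below is an added example, not code from the book or from Netscape; `attrs`, `lintSignedScripts` and `SAMPLE_PAGE` are hypothetical names, and it assumes double-quoted attribute values with no `>` inside them.

```javascript
// Added example (hypothetical names); regex tag scanning is a simplification.
function attrs(tag) {
  const out = {};
  for (const m of tag.matchAll(/([A-Za-z-]+)\s*=\s*"([^"]*)"/g)) {
    out[m[1].toLowerCase()] = m[2];
  }
  return out;
}

function lintSignedScripts(html) {
  const findings = [];
  const early = [];          // handlers seen before any ARCHIVE script tag
  const seen = new Set();    // "archive|id" pairs already claimed
  let archive = null;        // archive in effect, inherited by later tags
  const tagRe = /<([A-Za-z]+)\b[^>]*>/g;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const name = m[1].toLowerCase();
    const a = attrs(m[0]);
    const isScript = name === "script";
    if (isScript) {
      // Skip the script body so markup inside string literals is not scanned.
      const end = html.toLowerCase().indexOf("</script", tagRe.lastIndex);
      if (end !== -1) tagRe.lastIndex = end;
      if (a.archive) archive = a.archive;
      if (a.src) continue;   // imported file: the page shows no ID on these
    } else if (!Object.keys(a).some((k) => k.startsWith("on"))) {
      continue;              // element carries no event handler
    }
    const what = isScript ? "inline script" : `<${name}> event handler`;
    if (archive === null) {
      if (!isScript) early.push(`${what}: precedes every script tag with ARCHIVE`);
      continue;
    }
    if (!a.id) {
      findings.push(`${what}: missing ID (archive ${archive})`);
    } else if (seen.has(`${archive}|${a.id}`)) {
      findings.push(`${what}: duplicate ID "${a.id}" in ${archive}`);
    } else {
      seen.add(`${archive}|${a.id}`);
    }
  }
  // Early handlers only matter if the page uses signing at all.
  return archive === null ? findings : early.concat(findings);
}
// Constructed sample: the form reuses ID "a" within one.jar; the link has no ID.
const SAMPLE_PAGE = '<script archive="one.jar" id="a"></script><form onSubmit="f();" id="a"></form>' +
  '<script archive="two.jar" id="a"></script><a href="#" onClick="g();">x</a>';
console.log(lintSignedScripts(SAMPLE_PAGE).join("\n"));
```

The second `id="a"` script is accepted because it belongs to a different JAR file, which matches the rule that IDs only need to be unique within one archive.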

Using Expanded Privileges

A signed script can use a number of very powerful features, or "privileges," to perform operations in areas a script normally cannot access. The script must first ask for these privileges. Requesting an expanded privilege requires one line per privilege.

Here is an example that requests a privilege called UniversalSendMail:

netscape.security.PrivilegeManager.enablePrivilege("UniversalSendMail")

This line of code allows the author of the script to send e-mail on the visitor's behalf.

There are several privileges that you can request from the browser. Table 12.1 lists and describes some of these privileges.

Table 12.1: Netscape Signed Script Privileges

| Privilege Name | Description |
| --- | --- |
| UniversalBrowserRead | Allows reading of privileged data from the browser. |
| UniversalBrowserWrite | Allows modification of privileged data in a browser. |
| UniversalBrowserAccess | Allows both reading and modification of privileged data from the browser. |
| UniversalFileRead | Allows a script to read any files stored on hard disks or other storage media connected to your computer. |
| UniversalPreferencesRead | Allows the script to read preferences using the navigator.preference method. |
| UniversalPreferencesWrite | Allows the script to set preferences using the navigator.preference method. |
| UniversalSendMail | Allows the program to send mail in the user's name. |

This is only a partial list of the privileges or targets that you can request. For a complete list, see http://developer.netscape.com/docs/manuals/signedobj/targets/index.html.

JavaScript Features Requiring Privileges

There are many features of the JavaScript language that may not be used unless they are part of a signed script. Table 12.2 lists the features that signed scripts give you and what privilege you need to request in order to use them.

Table 12.2: Privileged Features

| Feature | Privilege |
| --- | --- |
| Set a file upload widget | UniversalFileRead |
| Submit a form to a mailto: or news: URL | UniversalSendMail |
| Use an about: URL other than about:blank | UniversalBrowserRead |
| Set any property of an event object | UniversalBrowserWrite |
| Get the value of the data property from a DragDrop event | UniversalBrowserRead |
| Get the value of any property of the history object | UniversalBrowserRead |
| Get or set the value of a preference from the navigator object using the preference method | UniversalPreferencesRead |

Many functions of the window object, such as writing files to the hard drive, require UniversalBrowserWrite.

Summary

Like any software technology, JavaScript has the occasional problem. Sometimes a problem manifests itself as a security hole and must be fixed. It is your responsibility to keep up-to-date on the possible security issues your Web pages might have. In order to minimize the abuse of JavaScript security holes, all dangerous operations, such as reading and writing to the hard drive, have been removed. Sometimes it is necessary to use some of the features that have been removed from the language. In order to use these features, Netscape Navigator allows a programmer to sign scripts. A signed script requests extra rights from the visitor in order to do its task.

