Revision as of 05:37, 16 March 2018 view source Krinkle (talk \| contribs) Extended confirmed users, Pending changes reviewers, Rollbackers 5,591 edits Fix a dead link on ecmascript.org Tag: Visual edit ← Previous edit		Revision as of 18:50, 17 March 2018 view source 72.188.10.126 (talk) clearer wording Next edit →
Line 447: {{See also\|Browser security}} JavaScript and the DOM provide the potential for malicious authors to deliver scripts to run on a client computer via the Web. Browser authors ~~contain~~minimize this risk using two restrictions. First, scripts run in a [[Sandbox (computer security)\|sandbox]] in which they can only perform Web-related actions, not general-purpose programming tasks like creating files. Second, scripts are constrained by the [[same-origin policy]]: scripts from one Web site do not have access to information such as usernames, passwords, or cookies sent to another site. Most JavaScript-related security bugs are breaches of either the same origin policy or the sandbox. There are subsets of general JavaScript—ADsafe, Secure ECMAScript (SES)—that provide greater levels of security, especially on code created by third parties (such as advertisements).<ref>{{cite web \| url=http://www.adsafe.org/ \| title=Making JavaScript Safe for Advertising \| publisher=ADsafe \| accessdate=2013-05-26}}</ref><ref>{{cite web \| url=https://code.google.com/p/es-lab/wiki/SecureEcmaScript \| title=Secure ECMA Script (SES) \| publisher=Code.google.com \| accessdate=2013-05-26}}</ref> [[Caja project\|Caja]] is another project for safe embedding and isolation of third-party JavaScript and HTML.

JavaScript: Difference between revisions