JavaScript: The Definitive Guide

Previous Chapter 21
JavaScript Reference
Next
 

untaint() Function

Name

untaint() Function---untaint a value or window

Availability

Navigator 3.0 when data tainting is enabled

Synopsis

untaint()
untaint(value)

Arguments

value

The value for which a non-tainted copy is to be made. If this argument is not specified, then untaint() removes taint from the current window instead.

Returns

An untainted copy of value, if it is a primitive data type, or an untainted reference to value, if it is an object type.

Description

The untaint() function is used when the data-tainting security model is in effect. See Chapter 20, JavaScript Security for details on this security model. JavaScript automatically associates taint with data values that are potentially private, and which should not be "stolen" by scripts. If you need to allow these values to be exported by scripts, you must use untaint() to make untainted copies.

untaint() does not remove from the taint the value it is passed; instead, it returns an untainted copy of that value, or an untainted reference to that value for object types. (Note that taint is associated with primitive values and with references to objects, not with the objects themselves.)

Sometimes taint is carried not by data values, but by the control flow of a program. In this case, you may need to remove taint from an entire window in which JavaScript code runs. You can do this by calling untaint() with no arguments. Note, however, that you can only do this if the window carries only the taint of the script that calls untaint(). If the window has been tainted by other scripts, it cannot be untainted.

See Also

"taint()", Chapter 20, JavaScript Security


Previous Home Next
unescape() Book Index URL

HTML: The Definitive Guide CGI Programming JavaScript: The Definitive Guide Programming Perl WebMaster in a Nutshell