Main Page

Codebase Principals

If the script isn’t signed appropriately, it won’t run. The JavaScript Console displays the same message
the user sees when he doesn’t allow an extended privilege
(“User did not grant privilege”
).
For more information on signed scripts in Mozilla, see
http://www.mozilla.org/projects/
security/components/signed-scripts.html
.
Codebase Principals
Another way to access the extended privileges is to enable Codebase Principals. This policy determines
the safety of a given script based on where it’s loaded from (its
codebase
). Presumably, a script is safe if it
is being loaded from the same server as the HTML page. This is not exactly a safe assumption, which is
why all Mozilla browsers come with Codebase Principals disabled. It is purposely difficult to enable so
that the average user won’t turn on Codebase Principals by mistake.
Codebase Principals should only be used for testing and debugging of a script that will eventually be
signed.
Resource limitations
If you’re a software developer or a software user, you’re probably aware that some programs can end up
overreaching their memory limit, making your machine run more slowly, become unstable, and sometimes
crash. It was decided by browser companies that JavaScript would not affect the user ’s computer in this
detrimental way. For this reason, browsers only run up to one million lines of JavaScript is any one call.
One million sounds like a lot of lines (probably more lines than you’ll ever need), but every once in a
while you may find yourself bumping up against this limit. When this happens, the browser notifies you
in some way: Internet Explorer pops up a dialog box telling you that a script is causing the browser to
run slowly and asks if you would like to continue running the script; Mozilla simply opts out of the cur-
rent operation and places an error message in the JavaScript Console.
The one million lines aren’t cumulative, so you don’t need to worry if you have scripts that run when
the user clicks on different parts of the page. This restriction exists only within a single function call to
prevent problems such as infinite loops and infinite recursion.
Internationalization Concerns
If you are planning to create a Web site that can be accessed from anywhere in the world, or a Web appli-
cation that can be installed anywhere in the world, internationalization is a concern. Entire libraries,
available in numerous programming languages, help you with internationalization of software, ranging
from typical C++ applications to Web-based systems. Companies spend hundreds of hours examining
their Web sites and Web applications for internationalization purposes, but they often forget to examine
JavaScript code.
There is no way to sign scripts on Internet Explorer or on any other browser. Internet
Explorer does offer some advanced security through the use of HyperText
Applications (HTAs). For more information on using HTAs, refer to
http://
msdn.microsoft.com/workshop/author/hta/overview/htaoverview.asp
.
568
Chapter 19
22_579088 ch19.qxd 3/28/05 11:43 AM Page 568


JavaScript EditorFree JavaScript Editor     Ajax Editor


©