[Contents] [Previous] [Next] [Index]

untaint

Removes tainting from a data element or script.

Core function

Implemented in

Navigator 3.0; removed in Navigator 4.0

Syntax

untaint(dataElementName)

Parameters

dataElementName
(Optional) The property, variable, function, or object to remove tainting from. If omitted, taint is removed from the script itself.

Description

Tainting prevents other scripts from passing information that should be secure and private, such as directory structures or user session history. JavaScript cannot pass tainted values on to any server without the end user's permission.

Use untaint to clear tainting that marks data that should not to be sent by other scripts to different servers.

A script can untaint only data that originated in that script (that is, only data that has the script's taint code or has the identity (null) taint code). If you use untaint with a data element from another server's script (or any data that you cannot untaint), untaint returns the data without change or error.

In some cases, control flow rather than data flow carries tainted information. In these cases, taint is added to the script's window. You can remove taint from the script's window by calling untaint with no arguments, if the window contains taint only from the current window.

untaint does not modify its argument; instead, it returns an unmarked copy of the value, or, for objects, an unmarked reference to the value.

Examples

The following statement removes taint from a property so that a script can send it to another server:

untaintedStatus=untaint(window.defaultStatus)
// untaintedStatus can now be sent in a URL or form post by other
// scripts

See also

navigator.taintEnabled, taint


[Contents] [Previous] [Next] [Index]

Last Updated: 10/31/97 16:38:00


Copyright © 1997 Netscape Communications Corporation