
JavaScript is a ProgrammingLanguage with DynamicTyping originally designed by Brendan Eich in 1995 for scripting NetscapeNavigator 2.0. It was called LiveScript in beta versions, but was renamed and slightly redesigned for marketing reasons in the final release after Netscape licensed Java from SunMicrosystems. This has caused no end of confusion, as the two languages have nearly nothing in common besides the first four letters of their names.

The language has grown over the years. The standardized version is called ECMAScript, named after ECMA, the standardization institute it was handed to. Contrary to popular belief, the various versions of the language are pretty compatible. The problem many web designers were faced with is that the Document Object Model, which gives a script access to the HTML document it belongs to in a browser, has varied wildly.

There are many pages on the web about JavaScript, but one of the best is the JavaScript section at Peter-Paul Koch's site.


Signing JavaScript

JavaScript has a relatively strict security model to prevent its use by malicious web content authors. (In practice, of course, the Interpreters in WebBrowsers are plagued with holes.) Some of those restrictions can be lifted, with the user's permission, if JavaScript code is signed.

To sign JavaScript code using Mozilla, you use the signtool. First set your Master Password in Mozilla to something easy and insecure, as you'll have to put it on the command line, where it is visible in your shell history and to other local users in the process list. A quick

signtool -d ~/.mozilla -l

will show you have no signing certificates. Quit Mozilla to generate one:

signtool -d ~/.mozilla -p password -G certname

Now recheck your certificate list and notice that you have a signing certificate:

signtool -d ~/.mozilla -l

Make a new directory, put any script files or HTML files with JavaScript code in it (say, foo.html) and sign the directory contents with this command:

signtool -d ~/.mozilla -p password -k certname -Z foo.jar script_directory

Test that it was signed correctly with:

signtool -d ~/.mozilla -v foo.jar

Referring to it as jar:http://bar.com/baz/foo.jar!/foo.html will now allow unsafe code to execute provided the user has accepted your certificate.
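
What the signed archive protects at the file level, as an added example that is not part of the original page or of signtool: it assumes the standard signed-JAR layout, in which META-INF/manifest.mf carries a base64 SHA1-Digest entry per file, and it checks only those digests against the archive contents, not the certificate signature that signtool -v validates. The function names and the sample archive are constructed for illustration.

```python
import base64, hashlib, io, zipfile

MANIFEST = "META-INF/manifest.mf"  # assumed: standard signed-JAR manifest path

def sha1_b64(data):
    return base64.b64encode(hashlib.sha1(data).digest()).decode()

def parse_manifest(text):
    """Return {entry name: base64 SHA1 digest} from JAR manifest text."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold wrapped lines
    digests = {}
    for section in text.split("\n\n")[1:]:  # section 0 is the main header
        fields = dict(l.split(": ", 1) for l in section.splitlines() if ": " in l)
        if "Name" in fields and "SHA1-Digest" in fields:
            digests[fields["Name"]] = fields["SHA1-Digest"]
    return digests

def check_jar(data):
    """Return a list of problems found when comparing archive to manifest."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(data)) as jar:
        names = jar.namelist()
        listed = parse_manifest(jar.read(MANIFEST).decode("utf-8"))
        for name in names:
            if name.upper().startswith("META-INF/") or name.endswith("/"):
                continue  # signature files and directories carry no digest
            if name not in listed:
                problems.append(f"{name}: not covered by manifest")
            elif listed[name] != sha1_b64(jar.read(name)):
                problems.append(f"{name}: digest mismatch")
        problems += [f"{n}: listed but missing" for n in listed if n not in names]
    return problems

def build_sample_jar(files, listed=None):
    """Constructed test input: a zip whose manifest describes `listed`."""
    listed = files if listed is None else listed
    manifest = "Manifest-Version: 1.0\n"
    for name, body in listed.items():
        manifest += f"\nName: {name}\nSHA1-Digest: {sha1_b64(body)}\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr(MANIFEST, manifest)
        for name, body in files.items():
            jar.writestr(name, body)
    return buf.getvalue()

if __name__ == "__main__":
    jar = build_sample_jar({"foo.html": b"new"}, listed={"foo.html": b"old"})
    print(check_jar(jar))
```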

For a really thorough treatise on the subject, see Signed Scripts in Mozilla.

