Penguin
Annotated edit history of JavaScript version 11, including all changes. View license author blame.
Rev Author # Line
9 AristotlePagaltzis 1 JavaScript is a ProgrammingLanguage with DynamicTyping originally designed by Brendan Eich in 1995 for scripting NetscapeNavigator 2.0. Called ~LiveScript in beta versions, but was renamed and slightly redesigned for marketing reasons in the final release after [Netscape] licensed [Java] from SunMicrosystems. This has caused no end of confusion as the two languages have nearly nothing in common besides the first four letters of their names.
1 JonPurvis 2
9 AristotlePagaltzis 3 The language has grown over the years. The standard implementation is called ECMAScript, named after the standardization institute [ECMA] that it was handed to. Contrary to popular belief, these versions are pretty compatible. The problem many webdesigners were faced with is that the Document Object Model used to offer access to the [HTML] document a script belongs to in a browser has varied wildly.
1 JonPurvis 4
5 AristotlePagaltzis 5 There are many pages on the web about JavaScript, but one of the best is the JavaScript section at [Peter-Paul Koch's site | http://www.xs4all.nl/~ppk/js/].
1 JonPurvis 6
5 AristotlePagaltzis 7 ----
1 JonPurvis 8
5 AristotlePagaltzis 9 !! Signing JavaScript
1 JonPurvis 10
9 AristotlePagaltzis 11 JavaScript has a relatively strict security model to prevent its use by malicious web content authors. (In practice, of course, the [Interpreter]s in WebBrowser~s are plagued with holes.) Some of those restrictions can be lifted, with the user's permission, if JavaScript code is signed.
5 AristotlePagaltzis 12
9 AristotlePagaltzis 13 To sign JavaScript code using [Mozilla], you use the <tt>signtool</tt>. First set your ''Master Password'' in Mozilla to something easy and insecure as you'll have to put it on the command line. A quick
5 AristotlePagaltzis 14
11 AristotlePagaltzis 15 <pre>
16 signtool -d ~~/.mozilla -l
17 </pre>
5 AristotlePagaltzis 18
19 will show you have no signing certificates. Quit [Mozilla] to generate one:
20
11 AristotlePagaltzis 21 <pre>
22 signtool -d ~~/.mozilla -p ''password'' -G ''certname''
23 </pre>
5 AristotlePagaltzis 24
25 Now recheck your certificate list and notice that you have a singing certificate:
26
11 AristotlePagaltzis 27 <pre>
28 signtool -d ~~/.mozilla -l
29 </pre>
5 AristotlePagaltzis 30
9 AristotlePagaltzis 31 Make a new directory, put any script files or HTML files with JavaScript code in it (say, <tt>''foo''.html</tt>) and sign the directory contents with this command:
5 AristotlePagaltzis 32
11 AristotlePagaltzis 33 <pre>
34 signtool -d ~~/.mozilla -p ''password'' -k ''certname'' -Z ''foo''.jar ''script_directory''
35 </pre>
5 AristotlePagaltzis 36
37 Test that it was signed correctly with:
38
11 AristotlePagaltzis 39 <pre>
40 signtool -d ~~/.mozilla -v ''foo''.jar
41 </pre>
5 AristotlePagaltzis 42
9 AristotlePagaltzis 43 Referring to it as <tt>jar:~http://bar.com/baz/foo.jar!/foo.html</tt> will now allow unsafe code to execute provided the user has accepted your certificate.
5 AristotlePagaltzis 44
45 For a really thorough treatise on the subject, see [Signed Scripts in Mozilla | http://www.mozilla.org/projects/security/components/signed-scripts.html].
46
47 ----
48
9 AristotlePagaltzis 49 Part of CategoryProgrammingLanguages, CategoryObjectOrientedProgrammingLanguages, CategoryVeryHighLevelProgrammingLanguages