Differences between current version and previous revision of JavaScript.
Other diffs: Previous Major Revision, Previous Author, or view the Annotated Edit History
| Newer page: | version 11 | Last edited on Wednesday, August 24, 2005 9:37:27 am | by AristotlePagaltzis | |
| Older page: | version 10 | Last edited on Wednesday, August 24, 2005 9:35:27 am | by AristotlePagaltzis | Revert |
@@ -11,39 +11,39 @@
JavaScript has a relatively strict security model to prevent its use by malicious web content authors. (In practice, of course, the [Interpreter]s in WebBrowser~s are plagued with holes.) Some of those restrictions can be lifted, with the user's permission, if JavaScript code is signed.
To sign JavaScript code using [Mozilla], you use the <tt>signtool</tt>. First set your ''Master Password'' in Mozilla to something easy and insecure as you'll have to put it on the command line. A quick
-<verbatim
>
-signtool -d ~/.mozilla -l
-</verbatim
>
+<pre
>
+signtool -d ~
~/.mozilla -l
+</pre
>
will show you have no signing certificates. Quit [Mozilla] to generate one:
-<verbatim
>
-signtool -d ~/.mozilla -p ''password'' -G ''certname''
-</verbatim
>
+<pre
>
+signtool -d ~
~/.mozilla -p ''password'' -G ''certname''
+</pre
>
Now recheck your certificate list and notice that you have a singing certificate:
-<verbatim
>
-signtool -d ~/.mozilla -l
-</verbatim
>
+<pre
>
+signtool -d ~
~/.mozilla -l
+</pre
>
Make a new directory, put any script files or HTML files with JavaScript code in it (say, <tt>''foo''.html</tt>) and sign the directory contents with this command:
-<verbatim
>
-signtool -d ~/.mozilla -p ''password'' -k ''certname'' -Z ''foo''.jar ''script_directory''
-</verbatim
>
+<pre
>
+signtool -d ~
~/.mozilla -p ''password'' -k ''certname'' -Z ''foo''.jar ''script_directory''
+</pre
>
Test that it was signed correctly with:
-<verbatim
>
-signtool -d ~/.mozilla -v ''foo''.jar
-</verbatim
>
+<pre
>
+signtool -d ~
~/.mozilla -v ''foo''.jar
+</pre
>
Referring to it as <tt>jar:~http://bar.com/baz/foo.jar!/foo.html</tt> will now allow unsafe code to execute provided the user has accepted your certificate.
For a really thorough treatise on the subject, see [Signed Scripts in Mozilla | http://www.mozilla.org/projects/security/components/signed-scripts.html].
----
Part of CategoryProgrammingLanguages, CategoryObjectOrientedProgrammingLanguages, CategoryVeryHighLevelProgrammingLanguages
