Editing JavaScript (section)
=== Sandbox implementation errors ===
Web browsers are capable of running JavaScript outside the sandbox, with the privileges necessary to, for example, create or delete files. Such privileges are not intended to be granted to code from the Web.

Incorrectly granting privileges to JavaScript from the Web has played a role in vulnerabilities in both Internet Explorer<ref>US CERT, [https://www.kb.cert.org/vuls/id/713878 Vulnerability Note VU#713878: Microsoft Internet Explorer does not properly validate source of redirected frame] {{Webarchive|url=https://web.archive.org/web/20091030051811/https://www.kb.cert.org/vuls/id/713878/ |date=2009-10-30 }}</ref> and Firefox.<ref>Mozilla Foundation, [https://www.mozilla.org/security/announce/2005/mfsa2005-41.html Mozilla Foundation Security Advisory 2005-41: Privilege escalation via DOM property overrides] {{Webarchive|url=https://web.archive.org/web/20140604014832/https://www.mozilla.org/security/announce/2005/mfsa2005-41.html |date=2014-06-04 }}</ref> In Windows XP Service Pack 2, Microsoft demoted JScript's privileges in Internet Explorer.<ref>{{cite web |last=Andersen |first=Starr |date=2004-08-09 |url=https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-xp/bb457150(v=technet.10) |title=Part 5: Enhanced Browsing Security |department=[[Microsoft TechNet|TechNet]] |website=[[Microsoft Docs]] |series=Changes to Functionality in Windows XP Service Pack 2 |access-date=2021-10-20}}</ref>

[[Microsoft Windows]] allows JavaScript source files on a computer's hard drive to be launched as general-purpose, non-sandboxed programs (see: [[Windows Script Host]]).
This makes JavaScript (like [[VBScript]]) a theoretically viable vector for a [[Trojan horse (computing)|Trojan horse]], although JavaScript Trojan horses are uncommon in practice.<ref>For one example of a rare JavaScript Trojan Horse, see Symantec Corporation, [https://www.symantec.com/security_response/writeup.jsp?docid=2003-100111-0931-99 JS.Seeker.K] {{Webarchive|url=https://web.archive.org/web/20110913210848/http://www.symantec.com/security_response/writeup.jsp?docid=2003-100111-0931-99 |date=2011-09-13 }}</ref>{{failed verification|date=March 2017}}