[Contents] [Previous] [Next] [Index]


Adds tainting to a data element or script.

Core function

Implemented in

Navigator 3.0; removed in Navigator 4.0




(Optional) The property, variable, function, or object to taint. If omitted, taint is added to the script itself.


Tainting prevents other scripts from passing information that should be secure and private, such as directory structures or user session history. JavaScript cannot pass tainted values on to any server without the end user's permission.

Use taint to mark data that otherwise is not tainted.

In some cases, control flow rather than data flow carries tainted information. In these cases, taint is added to the script's window. You can add taint to the script's window by calling taint with no arguments.

taint does not modify its argument; instead, it returns a marked copy of the value, or, for objects, an unmarked reference to the value.


The following statement adds taint to a property so that a script cannot send it to another server without the end user's permission:

// taintedStatus now cannot be sent in a URL or form post without
// the end user's permission

See also

navigator.taintEnabled, untaint

[Contents] [Previous] [Next] [Index]

Last Updated: 10/31/97 16:38:00

Copyright 1997 Netscape Communications Corporation