JavaScript in the Browser
Security
JavaScript cannot read, write, or delete files on the client machine.
JavaScript can open HTTP and FTP connections to any server, but has no socket primitives.
Cannot change the status line text.
Same-origin policy: a script can read only the properties of windows and documents that have the same origin as the document that contains the script.
The XMLHttpRequest object allows connections only to the server from which the containing document was loaded.
The origin of a document is the protocol://host:port of the URL from which the document was loaded.
It is not about where the script came from, it's about where the document that loaded the script came from!
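The origin comparison described above, as an added example that is not part of the original slides. The function names and the sample hosts are hypothetical, and the code assumes a runtime with the standard URL class (a browser or Node.js).

```javascript
// Default ports, so that http://a.example and http://a.example:80 compare equal.
const DEFAULT_PORTS = { "http:": "80", "https:": "443", "ftp:": "21" };

// Return the origin of a URL as "protocol://host:port" with the port explicit.
function originOf(url) {
  const u = new URL(url); // lowercases scheme and host, drops default ports
  const port = u.port || DEFAULT_PORTS[u.protocol];
  if (!port) throw new Error(`no default port known for ${u.protocol}`);
  return `${u.protocol}//${u.hostname}:${port}`;
}

// Two URLs share an origin only if protocol, host and port all match.
function sameOrigin(a, b) {
  return originOf(a) === originOf(b);
}

// Decide whether a script may read a target window or document.
// scriptSrc is accepted only to show that it plays no part in the decision:
// the script runs with the origin of the document that loaded it.
function scriptMayRead(documentUrl, scriptSrc, targetUrl) {
  void scriptSrc;
  return sameOrigin(documentUrl, targetUrl);
}

// Constructed sample URLs (hypothetical hosts).
const page = "http://shop.example/cart.html";
const cdnScript = "http://cdn.example/lib.js";
const cases = [
  "http://shop.example:80/account",   // same origin, default port written out
  "https://shop.example/account",     // protocol differs
  "http://shop.example:8080/account", // port differs
  "http://www.shop.example/account",  // host differs
  "http://cdn.example/data.html",     // the script's own server, still denied
];
for (const target of cases) {
  const verdict = scriptMayRead(page, cdnScript, target) ? "allowed" : "blocked";
  console.log(`${originOf(target)} -> ${verdict}`);
}
```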
José M. Vidal.