While reading about the navigator() object in JavaScript I ran into the taintEnabled() function description, as well as the similar taint() and untaint() functions, referring to something called "data-tainting".
Googling around the net and StackOverflow shows some possible references to the Perl language, but none about JavaScript. I wonder, what is data-tainting and how do I use these functions?
Data Tainting (or Taint Checking) is a language feature wherein user-input data is flagged as tainted, a flag that propagates to all data derived from this input. As a result, code can implement runtime assertions to ensure security-critical code is not being called using tainted data (i.e. prevent SQLi, XSS type attacks).
Whilst Netscape implemented it in the browser in v3 and v4, support for it sadly never materialized elsewhere, so @trejder is absolutely right that it should be avoided in JavaScript.
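The mechanism described in this answer (flag at the source, propagate to derived data, assert at the sink), sketched in userland JavaScript as an added example; it is not part of the original answer and is not Netscape's taint()/untaint() API. The `Tainted` class and all helper names are hypothetical, and the input string is constructed.

```javascript
// Added illustration of taint tracking in userland JavaScript.
// Tainted, fromUser, concat, escapeHtml and renderHtml are hypothetical names.
class Tainted {
  constructor(value) { this.value = String(value); }
  // Implicit coercion ("" + t, `${t}`) would silently drop the flag, so refuse it.
  toString() { throw new TypeError("tainted value coerced to a plain string"); }
}

const isTainted = (v) => v instanceof Tainted;

// Source: everything that arrives from the user is flagged.
const fromUser = (raw) => new Tainted(raw);

// Propagation: a value derived from any tainted part is itself tainted.
function concat(...parts) {
  const text = parts.map((p) => (isTainted(p) ? p.value : String(p))).join("");
  return parts.some(isTainted) ? new Tainted(text) : text;
}

// Sanitizer: the intended way to clear the flag, by encoding for the HTML context.
function escapeHtml(v) {
  const s = isTainted(v) ? v.value : String(v);
  return s.replace(/[&<>"']/g, (c) => `&#${c.charCodeAt(0)};`);
}

// Sink: the runtime assertion that keeps tainted data out of markup.
function renderHtml(markup) {
  if (isTainted(markup)) throw new Error("tainted data reached the HTML sink");
  return markup;
}

// Constructed sample input, run through both paths.
function demo() {
  const name = fromUser("<script>1</script>");
  const unsafe = concat("<p>Hello ", name, "</p>");
  let blocked = false;
  try { renderHtml(unsafe); } catch (e) { blocked = true; }
  const safe = renderHtml(concat("<p>Hello ", escapeHtml(name), "</p>"));
  return { propagated: isTainted(unsafe), blocked, safe };
}

console.log(demo());
```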