- document: The cookie, domain, lastModified, links, referrer, title, and URL properties
- form: Every instance of a form element
- history: The current, next, previous, and toString methods and properties
- link: The hash, host, hostname, href, pathname, port, protocol, search, and toString properties and methods
- location: The hash, host, hostname, href, pathname, port, protocol, search, and toString properties and methods
- option: The defaultSelected, selected, text, and value properties and methods
- plugin: The name property
- window: The defaultStatus, name, and status properties and methods
Netscape's Page Signer tool will allow you to create your individual and unique online security identification. The tool builds a JAR (Java Archive) file that includes both your security certificate and your code. When the document has an HTML SCRIPT tag that has the ARCHIVE attribute set, the browser performs a verification check before the code is executed. An alert box pops up and gives the user a chance to accept or decline the running of your script. If the script is included within the document and not within an external .js file, the JAR file should include only your security identification, although it is still accessed through the use of the ARCHIVE attribute.
Because the user can accept or decline a script from running, Netscape has provided another level to the security that can be enforced by the user. Some think it to be too user-driven to use often. By this I mean that the browser will ask too many questions for what areas of the script to be run, causing increased user annoyance. The areas of the script that are available to be accepted or declined through the use of an alert box are set using the Java method "netscape.security.PrivelidgeManager.enablePrivelidge()". Here is a list of options that a developer can attempt to have the user verify:
- UniversalBrowserAccess: This method allows both the reading and the writing of priviledged data in and to the browser.
- UniversalBrowserRead: This method allows only the reading of privileged data in the browser, and is required when using the history object or getting the value of a DragDrop value within the browser.
- UniversalBrowserWrite: This method allows only the writing of privileged data in the browser, and is required when using any property of an event object, adding or removing any of the browser's content bars (status bar, menu bar, and so forth), and setting the window object's values within the script.
- UniversalFileRead: This method allows the reading of the file system of the user's machine, and is required when using the fileUpload() method.
- UniversalPreferencesRead: This method allows the script to read and report the browser's preferences settings.
- UniversalPreferencesWrite: This method allows the script to set the preference settings within your (the user's) browser.
- UniversalSendMail: This method allows the script to send an email with the user's name, and is required when using the news: or mailto: attributes within a script.
You can see that the aforementioned pros and cons are quite evident here. Additionally, each of the two major browsers—Microsoft's Internet Explorer and Netscape's Navigator—have differing security measures in place. Internet Explorer uses the Same Origin Policy, whereas Netscape uses the Signed Scripts method. Each is good, in its own way. What is frustrating, as you'll se when you attempt to enforce security, is that they are very different. A totally different directory path for each is sometimes required, effectively doubling the work you'll have to put in to satisfy the security considerations for each browser.