Browser

Internet‎ > ‎

Browsers Names

Mozilla Firefox
Microsoft Internet Explorer
Google Chrome
Apple Safari
Opera

Important Concepts

Same Origin Policy

The policy permits scripts running on pages originating from the same site to access each other's methods and properties with no specific restrictions, but prevents access to most methods and properties across pages on different sites.
An important extension to the same origin policy implemented for JavaScript DOM access (but not for most of the other flavors of same-origin checks) is that two sites sharing a common top-level domain may opt to communicate despite failing the "same host" check by mutuallysetting their respective document.domain DOM property to the same qualified, right-hand fragment of their current host name.
The following are not subjected to same-origin checks:

Remote SCRIPTs
submit POST forms
Simple Multimedia markup like IMG, BGSOUND tag
Remote stylesheets
Embedded objects
Embedded applets
FRAME
IFRAME

The following are subjected to same-origin checks:

DOM access
XMLHttpRequest

The following can load any URL

Link targets

Refresh and Location directives

JavaScript DOM access

Form submission

Links

http://code.google.com/p/browsersec/ - Book on Browser Security by Google Employee
https://wiki.mozilla.org/Security/CSP/Spec - Browser Security Spec from Mozilla
http://en.wikipedia.org/wiki/Same_origin_policy
http://hacks.mozilla.org/2010/02/firefox-46-features/
Development for Safari

Note : Some of the content on this page is from Wikipedia and therefore the contents of this page are available under Creative Commons Attribution License.

Comments

Library	Search this site