MozillaWiki

Security/Features/XSS Filter: Difference between revisions

Page Discussion

Security/Features/XSS Filter (view source)

Revision as of 16:38, 24 June 2011

100 bytes removed ,  24 June 2011
→‎Summary
No edit summary
Line 22: Line 22:


The picture shows how the filter interacts with the rest of the browser: it is tightly integrated into the Mozilla framework and it is able to interpose on calls to the JavaScript engine, which happens either when (a) a <script> node or some other HTML construct is parsed by the HTML engine, (b) JavaScript evaluates strings as code (e.g. using eval or setTimeout) or (c) JavaScript uses the DOM API to generate new HTML content that is fed into the parser.
The picture shows how the filter interacts with the rest of the browser: it is tightly integrated into the Mozilla framework and it is able to interpose on calls to the JavaScript engine, which happens either when (a) a <script> node or some other HTML construct is parsed by the HTML engine, (b) JavaScript evaluates strings as code (e.g. using eval or setTimeout) or (c) JavaScript uses the DOM API to generate new HTML content that is fed into the parser.
For implementation details, please see the [https://intranet.mozilla.org/XSS_Filter intranet page]


== Team  ==
== Team  ==
Sidstamm
canmove, Confirmed users
1,537

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/322610"