JavaScript-Same Origin Policy - Essay Example

JavaScript-Same Origin Policy Introduction As a security concept, the same origin policy is a concept used when there is a need to isolate documents retrieved from distinct origins. Where origins implies the host name e.g. documents located on https://march.com/January.html since they are from dissimilar protocols. The same origin ideas thus help in avoiding the hackers from injecting evil sites into someone’s or other sites that are wanted private. This origin policy always starts with trust; a web page owns its data and is free to submit that data to the original web site.

Thus, the already running JavaScript will be given an assurance of not being evil. The JavaScript will load more content e.g. building a simple image gallery use that is through writing JavaScript encryptions that inserts and erases into the existing page. The browser, therefore, will instantly load the image, in a way, showing that it had been present in the existing page, and removes it from the display if the image is deleted. Thus, the same origin policy code prevents the JavaScript from directing data to a dissimilar server or from writing a data belonging to a different server (Powers, 2008).

Enabling communications with another domain will depend on the use of JSONP, which grounds on a - tag. The sent information to another domain is encrypted in the URL as limits. The resumed JavaScript comprises of a purpose call with the invited info as parameters. Though if some evil encryptions of JavaScript gets submitted into a clean web page, it may results into an tag and includes them in that page (Powers, 2008). Thus, it will be safe to develop a URL to any intimidating domain sticking it in the image tag and submits a request.

References POWERS, S. (2008). Learning JavaScript Add Sparkle and Life to Your Web Pages. Sebastopol, OReilly Media, Inc. http://public.eblib.com/EBLPublic/PublicView.do?ptiID=443443. HOFFMAN, B., & SULLIVAN, B. (2008). Ajax security. Upper Saddle River, N.J., Addison-Wesley. http://proquest.safaribooksonline.com/9780321491930. GOSSELIN, D. (2011). Principles of HTML, XHTML, and DHTML. Boston, MA, Course Technology/Cengage Learning. GOSSELIN, D. (2011). Javascript. Boston, Mass, Course Technology.