- NAME
- javascript - The javascript security policy.
- SYNOPSIS
- policy javascript
- DESCRIPTION
- FEATURES
- CONFIGURATION
- features
- aliases
- urls
- hosts ports
- mimeTypes
- SEE ALSO
- KEYWORDS
NAME
javascript - The javascript security policy.
SYNOPSIS
policy javascript
DESCRIPTION
The javascript security policy installs features into a Safe-Tcl
interpreter that allow a Tclet to connect to arbitrary resources via
HTTP and sockets.
The installed features also enable the Tclet to generate content for frames
managed by the hosting application, call arbitrary JavaScript code, and send
electronic mail.
This policy enables dangerous features that, if used properly, can allow
Tclets to be used as compelling web-enabled applications.
The FEATURES section describes the features enabled by this policy.
The section on CONFIGURATION discusses how to enable or disable use
of the javascript policy by Tclets and the resources that are
controlled by the policy's configuration.
Security issues are discussed in the manual page for each feature installed
by this policy.
FEATURES
The javascript policy enables the persist, network,
url and stream features.
These are each described in their own manual page.
CONFIGURATION
The policies section of the application's master configuration
controls whether Tclets can use the javascript policy.
If it is not allowed by this section, the policy cannot be used by Tclets
hosted in this application.
For the Tcl plugin, by default the policy is enabled for a select set of
Tclets loaded from well-known URLs.
Edit plugin.cfg in the ::cfg::configDir directory to modify
this set of URLs or completely disable the policy.
The config manual page describes configuration management and the
syntax and organization of configurations.
The javascript policy uses a configuration stored in
javascript.cfg in the ::cfg::configDir directory.
The configuration has the following sections:
- features
  This section selects which features are installed by the policy into a
  Tclet.
  This policy allows the persist, network, url and
  stream features to be installed.
- aliases
  The aliases for these features are enabled in this section.
- urls
  This section controls the set of URLs that can be accessed by aliases
  provided by the url feature.
  In the Tcl plugin, this section allows any URL to be used.
  Edit this section to define a smaller set of URLs that can be used.
- hosts ports
  This section defines which hosts and ports can be used in the socket
  command provided by the network feature.
  In the Tcl plugin, all hosts and ports are allowed.
  Edit this section to define a smaller set of hosts and ports that can be
  used.
- mimeTypes
  This section defines which mime types are allowed as arguments to the
  ::browser::openStream alias.
  In the Tcl plugin, all mime types are allowed.
  Edit this section to describe a smaller set of mime types.
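The host and port restriction described for the hosts ports section, sketched in plain Tcl as an added example: it is not the plugin's own code and does not use the javascript.cfg syntax (see the config manual page for that). The names allowedEndpoints, endpointAllowed and guardedSocket are hypothetical, and the allowlist entries are constructed.

```tcl
# Added illustration (requires Tcl 8.5+); NOT the Tcl plugin's implementation.
# allowedEndpoints, endpointAllowed and guardedSocket are hypothetical names.

# Constructed allowlist of {host-glob port-list} pairs. The permissive
# plugin default described above would correspond to a single {* *} entry.
set allowedEndpoints {
    {*.example.com    {80 443}}
    {mail.example.com {25}}
}

# Return 1 if host and port match an allowlist entry, 0 otherwise.
proc endpointAllowed {host port} {
    global allowedEndpoints
    foreach entry $allowedEndpoints {
        lassign $entry hostPattern ports
        if {[string match -nocase $hostPattern $host] &&
            ($ports eq "*" || $port in $ports)} {
            return 1
        }
    }
    return 0
}

# Runs in the trusted master on behalf of the untrusted interpreter.
# Taking exactly host and port means options such as -server are rejected.
proc guardedSocket {child host port} {
    if {![string is integer -strict $port] ||
        ![endpointAllowed $host $port]} {
        return -code error "permission denied: $host:$port"
    }
    set chan [socket $host $port]
    interp transfer {} $chan $child   ;# hand the open channel to the Tclet
    return $chan
}

# A safe interpreter has no socket command of its own; the alias is the
# only route to the network, so every request passes through the check.
set tclet [interp create -safe]
interp alias $tclet socket {} guardedSocket $tclet

# Constructed requests from the untrusted side; both fall outside the
# allowlist, so no connection is attempted.
foreach {host port} {evil.invalid 6667 www.example.com 22} {
    catch {interp eval $tclet [list socket $host $port]} msg
    puts "$host:$port -> $msg"
}
```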
SEE ALSO
plugin, safe, config, policy, url, stream, network, persist
KEYWORDS
Safe-Tcl, alias, socket, URL, persistent local storage, JavaScript, electronic mail