NAME

javascript - The javascript security policy.

SYNOPSIS

policy javascript

DESCRIPTION

The javascript security policy installs features into a Safe-Tcl interpreter that allow a Tclet to connect to arbitrary resources over HTTP and through sockets. The installed features also enable the Tclet to generate content for frames managed by the hosting application, call arbitrary JavaScript code and send electronic mail. This policy enables dangerous features that, if used properly, allow Tclets to be used as compelling web-enabled applications.

The FEATURES section describes the features enabled by this policy. The section on CONFIGURATION discusses how to enable or disable use of the javascript policy by Tclets and the resources that are controlled by the policy's configuration. Security issues are discussed in the manual page for each feature installed by this policy.

FEATURES

The javascript policy enables the persist, network, url and stream features. These are each described in their own manual page.

CONFIGURATION

The policies section of the application's master configuration controls whether Tclets can use the javascript policy. If it is not allowed by this section, the policy cannot be used by Tclets hosted in this application. For the Tcl plugin, by default the policy is enabled for a select set of Tclets loaded from well-known URLs. Edit plugin.cfg in the ::cfg::configDir directory to modify this set of URLs or completely disable the policy. The config manual page describes configuration management and the syntax and organization of configurations.

The javascript policy uses a configuration stored in javascript.cfg in the ::cfg::configDir directory. The configuration has the following sections:

features
This section selects which features are installed by the policy into a Tclet. This policy allows the persist, network, url and stream features to be installed.

aliases
The aliases for these features are enabled in this section.

urls
This section controls the set of URLs that can be accessed by aliases provided by the url feature. In the Tcl plugin, this section allows any URL to be used. Edit this section to define a smaller set of URLs that can be used.

hosts ports
This section defines which hosts and ports can be used in the socket command provided by the network feature. In the Tcl plugin, all hosts and ports are allowed. Edit this section to define a smaller set of hosts and ports that can be used.

mimeTypes
This section defines which mime types are allowed as arguments to the ::browser::openStream alias. In the Tcl plugin, all mime types are allowed. Edit this section to describe a smaller set of mime types.
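
The following is an added example, not code from the Tcl plugin or its configuration files. It shows the mechanism that the hosts ports section relies on: a safe interpreter reaches socket only through an alias in the trusted interpreter, and that alias applies a default-deny allowlist. The names allowedHostPorts, hostPortAllowed and checkedSocket and the allowlist entries are hypothetical, and the list format is not the javascript.cfg syntax (see the config manual page for that).

```tcl
# Added illustration using core Tcl commands only.
# Constructed allowlist of {host-glob port} pairs; anything unmatched is denied.
set allowedHostPorts {
    {*.example.com 443}
    {mail.example.com 25}
}

# Return 1 only if host and port match an allowlist entry.
proc hostPortAllowed {host port} {
    global allowedHostPorts
    # Accept only a canonical decimal port in 1..65535 (no sign, no leading 0).
    if {![regexp {^[1-9][0-9]{0,4}$} $port] || $port > 65535} {
        return 0
    }
    foreach entry $allowedHostPorts {
        lassign $entry hostPat portPat
        if {[string match -nocase $hostPat $host] && $portPat eq $port} {
            return 1
        }
    }
    return 0
}

# Runs in the trusted interpreter on behalf of the Tclet. It takes exactly
# host and port, so socket options such as -server fail the arity check.
proc checkedSocket {tclet host port} {
    if {![hostPortAllowed $host $port]} {
        return -code error "permission denied: $host:$port"
    }
    set chan [socket $host $port]
    interp transfer {} $chan $tclet   ;# hand the open channel to the Tclet
    return $chan
}

# A safe interpreter has no socket command of its own; expose the checked one.
set tclet [interp create -safe]
interp alias $tclet socket {} checkedSocket $tclet

# Constructed requests, all of which the allowlist rejects (no network use).
foreach {host port} {
    internal.corp.test        22
    www.example.com           80
    www.example.com.evil.test 443
} {
    set rc [catch {interp eval $tclet [list socket $host $port]} msg]
    puts "$host:$port -> rc=$rc ($msg)"
}
puts "www.example.com:443 allowed? [hostPortAllowed www.example.com 443]"
```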

SEE ALSO

plugin, safe, config, policy, url, stream, network, persist

KEYWORDS

Safe-Tcl, alias, socket, URL, persistent local storage, JavaScript, electronic mail