Data-tainting (Security related)

A mechanism for marking data in the client and controlling its use. An obsolete security work-around.

The data-tainting model was implemented in Netscape 3 but deprecated by version 4. It was never implemented in MSIE.

Rather than preventing access to data in other parts of the browser space, it allowed full access, even to private data. However, that access marked the data as tainted, and any values derived from it were also tainted. Tainted data values could not be sent back to the server; in fact, they were not permitted to leave the client.
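The propagation rule described above can be modelled in a few lines of JavaScript. This is an added illustration, not Netscape's implementation and not code from the original entry; `Tainted`, `readPrivate`, `derive` and `sendToServer` are hypothetical names, and the URL is a constructed sample.

```javascript
// Model of the taint rule: reads are allowed, derived values inherit taint,
// and the exit point refuses tainted data. All names are hypothetical.
class Tainted {
  constructor(value, sources) {
    this.value = value;
    this.sources = new Set(sources); // where the private data came from
  }
}

const isTainted = (v) => v instanceof Tainted;
const raw = (v) => (isTainted(v) ? v.value : v);

// Reading private data succeeds, but the result carries a taint mark.
function readPrivate(value, source) {
  return new Tainted(value, [source]);
}

// Any value computed from a tainted input is itself tainted and inherits
// the union of its inputs' sources; untainted inputs give a plain value.
function derive(fn, ...args) {
  const sources = args.filter(isTainted).flatMap((a) => [...a.sources]);
  const result = fn(...args.map(raw));
  return sources.length ? new Tainted(result, sources) : result;
}

// The only way out of the client: any tainted field blocks the whole send.
function sendToServer(fields) {
  const blocked = Object.keys(fields).filter((k) => isTainted(fields[k]));
  if (blocked.length) return { sent: false, blocked };
  return { sent: true, body: new URLSearchParams(fields).toString() };
}

// Constructed sample: a script reads another frame's URL and transforms it
// twice; the taint survives both steps.
const otherUrl = readPrivate("https://bank.example/account?id=42",
                             "frame[1].location");
const host = derive((u) => new URL(u).hostname, otherUrl);
const label = derive((prefix, h) => prefix + h.toUpperCase(), "visited:", host);
const clean = derive((a, b) => a + b, "page=", "home");

function demo() {
  return {
    leak: sendToServer({ q: label }), // refused: q descends from private data
    ok: sendToServer({ q: clean }),   // allowed: no tainted ancestry
  };
}
```
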

These capabilities were not used very much in production systems and have now been superseded by the signed scripts and privilege model.


See also: Restricted access, Security policy, Signed scripts