|
Cross-document Messaging
Web Messaging, or cross-document messaging, is an API introduced in the WHATWG HTML5 draft specification, allowing documents to communicate with one another across different origins, or source domains while rendered in a web browser. Prior to HTML5, web browsers disallowed cross-site scripting, to protect against security attacks. This practice barred communication between non-hostile pages as well, making document interaction of any kind difficult. Cross-document messaging allows scripts to interact across these boundaries, while providing a rudimentary level of security. Requirements and attributes Using the Messaging API's postMessage method, plain text messages can be sent from one domain to another, e.g. from a parent document to an IFRAME. This requires that the author first obtain the Window object of the receiving document. As a result, messages can be posted to the following: * other frames or iframes within the sender document's window * windows the sender document explic ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
WHATWG
The Web Hypertext Application Technology Working Group (WHATWG) is a community of people interested in evolving HTML and related technologies. The WHATWG was founded by individuals from Apple Inc., the Mozilla Foundation and Opera Software, leading web browser vendors in 2004. WHATWG is responsible for maintaining multiple web-related technical standards, including the specifications for the HyperText Markup Language (HTML) and the Document Object Model (DOM). The central organizational membership and control of WHATWG – its "Steering Group" – consists of Apple, Mozilla, Google, and Microsoft. WHATWG community members work with the editor of the specifications to ensure correct implementation. History The WHATWG was formed in response to the slow development of World Wide Web Consortium (W3C) Web standards and W3C's decision to abandon HTML in favor of XML-based technologies. The WHATWG mailing list was announced on 4 June 2004, two days after the initiatives of a j ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Android (operating System)
Android is an operating system based on a modified version of the Linux kernel and other open-source software, open-source software, designed primarily for touchscreen-based mobile devices such as smartphones and tablet computer, tablets. Android has historically been developed by a consortium of developers known as the Open Handset Alliance, but its most widely used version is primarily developed by Google. First released in 2008, Android is the world's Usage share of operating systems, most widely used operating system; the latest version, released on June 10, 2025, is Android 16. At its core, the operating system is known as the Android Open Source Project (AOSP) and is free and open-source software (FOSS) primarily licensed under the Apache License. However, most devices run the proprietary software, proprietary Android version developed by Google, which ships with additional proprietary closed-source software pre-installed, most notably Google Mobile Services (GMS), which ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Web Hypertext Application Technology Working Group
The Web Hypertext Application Technology Working Group (WHATWG) is a community of people interested in evolving HTML and related technologies. The WHATWG was founded by individuals from Apple Inc., the Mozilla Foundation and Opera Software, leading web browser vendors in 2004. WHATWG is responsible for maintaining multiple web-related technical standards, including the specifications for the HyperText Markup Language (HTML) and the Document Object Model (DOM). The central organizational membership and control of WHATWG – its "Steering Group" – consists of Apple, Mozilla, Google, and Microsoft. WHATWG community members work with the editor of the specifications to ensure correct implementation. History The WHATWG was formed in response to the slow development of World Wide Web Consortium (W3C) Web standards and W3C's decision to abandon HTML in favor of XML-based technologies. The WHATWG mailing list was announced on 4 June 2004, two days after the initiatives of a joint ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
JSONP
JSONP, or JSON-P (JSON with Padding), is a historical JavaScript technique for requesting data by loading a element, which is an element intended to load ordinary JavaScript. It was proposed by Bob Ippolito in 2005. JSONP enables sharing of data bypassing same-origin policy, which disallows running JavaScript code to read media DOM elements or XMLHttpRequest data fetched from outside the page's originating site. The originating site is indicated by a combination of URI scheme, hostname, and port number. JSONP is vulnerable to the data source replacing the innocuous function call with malicious code, which is why it has been superseded by CORS (cross-origin resource sharing, available since 2009) in modern applications. Functionality The HTML <script> element is generally allowed to execute JavaScript code retrieved from foreign origins. Services replying with pure JSON data, however, were not able to share data from foreign origins before the adoption of CORS (Cross-ori ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Cross-origin Resource Sharing
Cross-origin resource sharing (CORS) is a mechanism to safely bypass the same-origin policy, that is, it allows a web page to access restricted resources from a server on a domain different than the domain that served the web page. A web page may freely embed cross-origin images, stylesheets, scripts, iframes, and videos. Certain "cross-domain" requests, notably Ajax requests, are forbidden by default by the same-origin security policy. CORS defines a way in which a browser and server can interact to determine whether it is safe to allow the cross-origin request. It allows for more freedom and functionality than purely same-origin requests, but is more secure than simply allowing all cross-origin requests. The specification for CORS is included as part of the WHATWG's Fetch Living Standard. This specification describes how CORS is currently implemented in browsers. An earlier specification was published as a W3C Recommendation. Technical overview For HTTP requests made from ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Same-origin Policy
In computing, the same-origin policy (SOP) is a concept in the web application security model. Under the policy, a web browser permits scripts contained in a first web page to access data in a second web page, but only if both web pages have the same ''origin''. An origin is defined as a combination of URI scheme, host name, and port number. This policy prevents a malicious script on one page from obtaining access to sensitive data on another web page through that page's Document Object Model (DOM). This mechanism bears a particular significance for modern web applications that extensively depend on HTTPS cookies to maintain authenticated user sessions, as servers act based on the HTTP cookie information to reveal sensitive information or perform state-changing actions. A strict separation between content provided by unrelated sites must be maintained on the client-side to prevent the loss of data confidentiality or integrity. The same-origin policy applies only to scripts. This m ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Cross-site Request Forgery
Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF (sometimes pronounced ''sea-surf'') or XSRF, is a type of malicious exploit of a website or web application where unauthorized commands are submitted from a user that the web application trusts. There are many ways in which a malicious website can transmit such commands; specially-crafted image tags, hidden forms, and JavaScript fetch or XMLHttpRequests, for example, can all work without the user's interaction or even knowledge. Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser. In a CSRF attack, an innocent end user is tricked by an attacker into submitting a web request that they did not intend. This may cause actions to be performed on the website that can include inadvertent client or server data leakage, change of session state, or manipulation of an end user's account. T ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Cross-site Scripting
Cross-site scripting (XSS) is a type of security vulnerability that can be found in some web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy. During the second half of 2007, XSSed documented 11,253 site-specific cross-site vulnerabilities, compared to 2,134 "traditional" vulnerabilities documented by Symantec. XSS effects vary in range from petty nuisance to significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site's owner network. OWASP considers the term cross-site scripting to be a misnomer. It initially was an attack that was used for breaching data across sites, but gradually started to include other forms of data injection attacks. Background Security on the web depends on a variety of ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Presto (layout Engine)
Presto was the browser engine of the Opera web browser from the release of Opera 7 on 28 January 2003, until the release of Opera 15 on 2 July 2013, at which time Opera switched to using the Blink engine that was originally created for Chromium. Presto was also used to power the Opera Mini and Opera Mobile browsers. Presto is a dynamic engine. Web pages can be re-rendered completely or partially in response to DOM events. Its releases saw a number of bug fixes and optimizations to improve the speed of the ECMAScript (JavaScript) engine. It is proprietary and only available as a part of the Opera browsers. ECMAScript engines A succession of ECMAScript engines have been used with Opera. (For the origin of their names, see Cultural notes below.) Pre-Presto versions of Opera used the Linear A engine. Opera versions based on the Core fork of Presto, Opera 7.0 through 9.27, used the Linear B engine. The Futhark engine is used in some versions on the Core 2 fork of Presto, name ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
WebKit
WebKit is a browser engine primarily used in Apple's Safari web browser, as well as all web browsers on iOS and iPadOS. WebKit is also used by the PlayStation consoles starting with the PS3, the Tizen mobile operating systems, the Amazon Kindle e-book reader, Nintendo consoles starting with the 3DS Internet Browser, GNOME Web, and the discontinued BlackBerry Browser. WebKit started as a fork of the KHTML and KJS libraries from KDE, and has since been further developed by KDE contributors, Apple, Google, Nokia, Bitstream, BlackBerry, Sony, Igalia, and others. WebKit supports macOS, Windows, Linux, and various other Unix-like operating systems. On April 3, 2013, Google announced that it had forked WebCore, a component of WebKit, to be used in future versions of Google Chrome and the Opera web browser, under the name Blink. Its JavaScript engine, JavascriptCore, also powers the Bun server-side JS runtime, as opposed to V8 used by Node.js, Deno, and Blink. ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Gecko (layout Engine)
Gecko (stylized as ɢecko) is a browser engine developed by Mozilla. It is used in the Firefox browser, the Thunderbird email client, and in a discontinued state on AOL's Netscape 4, Netscape 6, Netscape 7, Netscape Browser and Netscape Navigator 9; this is alongside many other projects. Gecko is designed to support open Internet standards, and is used by different applications to display web pages and, in some cases, an application's user interface itself (by rendering XUL). Gecko offers a rich programming API that makes it suitable for a wide variety of roles in Internet-enabled applications, such as web browsers, content presentation, and client/server. Gecko is written in C++ and JavaScript, and, since 2016, additionally in Rust. It is free and open-source software subject to the terms of the Mozilla Public License version 2. Mozilla officially supports its use on Android, Linux, macOS, and Windows. History Development of the layout engine now known as Gecko began ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Trident (layout Engine)
Trident (also known as MSHTML) is a proprietary browser engine for the Microsoft Windows version of Internet Explorer, developed by Microsoft. MSHTML debuted with the release of Internet Explorer 4 in 1997. For versions 7 and 8 of Internet Explorer, Microsoft made significant changes to MSHTML's layout capabilities to improve compliance with Web standards and add support for new technologies. MSHTML will continue to receive security updates for the IE mode of Microsoft Edge until at least 2029. However, support for new Web standards will not be added. Use in software development MSHTML was designed as a software component to allow software developers to easily add web browsing functionality to their own applications. It presents a COM interface for accessing and editing web pages in any COM-supported environment, like C++ and .NET. For instance, a web browser control can be added to a C++ program and MSHTML can then be used to access the page currently displayed in the web ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
