| ssjs_getClientIDReturns the identifier for the client object used by some of JavaScript's client-maintenance techniques.
| Server-side function | | | Implemented in | Netscape Server 3.0 |
Syntaxssjs_getClientID() ParametersNone. DescriptionFor some applications, you may want to store information specific to a client/application pair in the project or server objects. In these situations, you need a way to refer uniquely to the client/application pair. JavaScript provides two functions for this purpose, ssjs_generateClientID and ssjs_getClientID. Each time you call ssjs_generateClientID, the runtime engine returns a new identifier. For this reason, if you use this function and want the identifier to last longer than a single client request, you need to store the identifier, possibly as a property of the client object.If you use this function and store the ID in the client object, you may need to be careful that an intruder cannot get access to that ID and hence to sensitive information.An alternative approach is to use the ssjs_getClientID function. If you use one of the server-side maintenance techniques for the client object, the JavaScript runtime engine generates and uses a identifier to access the information for a particular client/application pair.When you use these maintenance techniques, ssjs_getClientID returns the identifier used by the runtime engine. Every time you call this function from a particular client/application pair, you get the same identifier. Therefore, you do not need to store the identifier returned by ssjs_getClientID. However, if you use any of the other maintenance techniques, this function returns "undefined"; if you use those techniques you must instead use the ssjs_generateClientID function.If you need an identifier and you're using a server-side maintenance technique, you probably should use the ssjs_getClientID function. If you use this function, you do not need to store and track the identifier yourself; the runtime engine does it for you. However, if you use a client-side maintenance technique, you cannot use the ssjs_getClientID function; you must use the ssjs_generateClientID function.
StringConverts the specified object to a string.
| Core function | | | Implemented in | Navigator 4.0, Netscape Server 3.0 |
SyntaxString(obj) Parameter
DescriptionWhen the object is a Date object, String returns a string representation of the date. Its format is: Thu Aug 18 04:37:43 Pacific Daylight Time 1983. ExampleThe following example converts the Date object to a readable string. <SCRIPT>
D = new Date (430054663215);
document.write (String(D) +" <BR>");
</SCRIPT> This prints "Thu Aug 18 04:37:43 Pacific Daylight Time 1983." See alsoString
taint Adds tainting to a data element or script.
| Core function | | | Implemented in | Navigator 3.0; removed in Navigator 4.0 |
Syntax taint(dataElementName) Parameters
dataElementName | (Optional) The property, variable, function, or object to taint. If omitted, taint is added to the script itself. |
Description Tainting prevents other scripts from passing information that should be secure and private, such as directory structures or user session history. JavaScript cannot pass tainted values on to any server without the end user's permission.Use taint to mark data that otherwise is not tainted.In some cases, control flow rather than data flow carries tainted information. In these cases, taint is added to the script's window. You can add taint to the script's window by calling taint with no arguments. taint does not modify its argument; instead, it returns a marked copy of the value, or, for objects, an unmarked reference to the value. Examples The following statement adds taint to a property so that a script cannot send it to another server without the end user's permission:taintedStatus=taint(window.defaultStatus)
// taintedStatus now cannot be sent in a URL or form post without
// the end user's permission See also navigator.taintEnabled, untaint
unescapeReturns the ASCII string for the specified value.
| Core function | | | Implemented in | Navigator 2.0 |
Syntaxunescape(string) Parameters
string | A string containing characters in the form "%xx", where xx is a 2-digit hexadecimal number. |
DescriptionThe string returned by the unescape function is a series of characters in the ISO-Latin-1 character set. The unescape function is a top-level JavaScript function not associated with any object. In server-side JavaScript, use this function to decode name/value pairs in URLs. ExamplesThe following client-side example returns "&":unescape("%26")The following client-side example returns "!#":unescape("%21%23")In the following server-side example, val1 has been passed to the request object as a hexadecimal value. The statement assigns the decoded value of val1 to myValue.myValue = unescape(request.val1) See alsoescape
untaint Removes tainting from a data element or script.
| Core function | | | Implemented in | Navigator 3.0; removed in Navigator 4.0 |
Syntax untaint(dataElementName) Parameters
dataElementName | (Optional) The property, variable, function, or object to remove tainting from. If omitted, taint is removed from the script itself. |
Description Tainting prevents other scripts from passing information that should be secure and private, such as directory structures or user session history. JavaScript cannot pass tainted values on to any server without the end user's permission.Use untaint to clear tainting that marks data that should not to be sent by other scripts to different servers.A script can untaint only data that originated in that script (that is, only data that has the script's taint code or has the identity (null) taint code). If you use untaint with a data element from another server's script (or any data that you cannot untaint), untaint returns the data without change or error.In some cases, control flow rather than data flow carries tainted information. In these cases, taint is added to the script's window. You can remove taint from the script's window by calling untaint with no arguments, if the window contains taint only from the current window. untaint does not modify its argument; instead, it returns an unmarked copy of the value, or, for objects, an unmarked reference to the value. Examples The following statement removes taint from a property so that a script can send it to another server:untaintedStatus=untaint(window.defaultStatus)
// untaintedStatus can now be sent in a URL or form post by other
// scripts See also navigator.taintEnabled, taint
writeGenerates HTML based on an expression and sends it to the client.
| Server-side function | | | Implemented in | LiveWire 1.0 |
Syntaxwrite(expression) Parameters
expression | A valid JavaScript expression. |
DescriptionThe write function causes server-side JavaScript to generate HTML that is sent to the client. The client interprets this generated HTML as it would static HTML. The server-side write function is similar to the client-side document.write method.To improve performance, the JavaScript engine on the server buffers the output to be sent to the client and sends it in large blocks of at most 64 KBytes in size. You can control when data are sent to the client by using the flush function.The write function is a top-level server-side JavaScript function that is not associated with any object. Do not confuse the write method of the File object with the write function. The write function outputs data to the client; the write method outputs data to a physical file on the server. ExamplesIn the following example, the write function is passed a string, concatenated with a variable, concatenated with a BR tag:write("The operation returned " + returnValue + "<BR>")If returnValue is 57, this example displays the following:The operation returned 57 See alsoflush |
| |
