Classes And Modules - Study Mode
[#21] Which is the subset that is a secure container designed for the purpose of safely running untrusted JavaScript?
Correct Answer
(A) Sandbox
Explanation
Solution: There is a larger class of subsets that have been designed for the purpose of safely running untrusted JavaScript in a secure container or “sandbox”.
[#22] Why is the this keyword forbidden in JavaScript?
Correct Answer
(C) Functions should not access the global objects
Explanation
Solution: The this keyword is forbidden or restricted because functions (in non-strict mode) can access the global object through this. Preventing access to the global object is one of the key purposes of any sandboxing system.
[#23] Which are the two functions that are not allowed in any secure subset?
Correct Answer
(B) eval() and the Function() constructor
Explanation
Solution: eval() and the Function() constructor are not allowed in any secure subset because they allow the execution of arbitrary strings of code, and these strings cannot be statically analyzed.
[#24] Which is the object that defines methods that allow complete control over page content?
Correct Answer
(A) The client-side document object
Explanation
Solution: The client-side document object defines methods that allow complete control over page content.
[#25] Which was one of the first security subsets proposed?
Correct Answer
(D) ADSafe
Explanation
Solution: ADsafe was one of the first security subsets proposed) It was created by Douglas Crockford (who also defined The Good Parts subset).ADsafe relies on static verification only, and it uses JSLint as its verifier. It forbids access to most global variables and defines an ADSAFE variable that provides access to a secure API, including special-purpose DOM methods. ADsafe is not in wide use, but it was an influential proof-of-concept that influenced other secure subsets.