According to http://www.mozilla.org/projects/security/components/jssec.html
"To ensure security, the basic assumption of the JavaScript signed script security model is that mixed scripts on an HTML page operate as if they were all signed by the intersection of the principals that signed each script. This is very important in Mozilla. If you have a web page with signed and unsigned code, the entire page will be regarded as unsigned. In addition, only one signature should be assigned to each JAR file. Mozilla does not currently support multiple signatures." Are these statements still true? Is it possible to sign dynamically generated Javascript? I'd certainly appreciate it if at least /one/ of my questions get answered. If you folks don't want to answer these questions, please provide pointers to friendlier fora. Cheers, jec _______________________________________________ Mozilla-security mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-security
