According to the "Client-side Javascript Guide" under SSL Servers and Unsigned Scripts
An alternative to using the Netscape Signing Tool to sign your scripts is to serve them from a secure server. Navigator treats all pages served from an SSL server as if they were signed with the public key of that server. You do not have to sign the individual scripts for this to happen. If you have an SSL server, this is a much simpler way to get your scripts to act as though they are signed. This is particularly helpful if you dynamically generate scripts on your server and want them to behave as if signed. For information on setting up a Netscape server as an SSL server, see Managing Netscape Servers. This is obviously incorrect. As those reading this know, Mozilla's same-origin check overrides this behavior. _______________________________________________ Mozilla-security mailing list Mozilla-security@mozilla.org http://mail.mozilla.org/listinfo/mozilla-security