According to http://www.mozilla.org/projects/security/components/jssec.html
"To ensure security, the basic assumption of the JavaScript signed script security model is that mixed scripts on an HTML page operate as if they were all signed by the intersection of the principals that signed each script. This is very important in Mozilla. If you have a web page with signed and unsigned code, the entire page will be regarded as unsigned. In addition, only one signature should be assigned to each JAR file. Mozilla does not currently support multiple signatures."
Are these statements still true?
This is still true
Is it possible to sign dynamically generated Javascript?
no. Not without some significant programming investment, and no one's wanted the feature enough to justify the work.
_______________________________________________
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security