Which are the two functions that are not allowed in any secure subset?
a) evaluate() and restrict()
b) eval() and the Function() constructor
c) debugger() and test()
d) eval() and debugger()
Explanation: eval() and the Function() constructor are not allowed in any secure subset because they allow the execution of arbitrary strings of code, and these strings cannot be statically analyzed.
Which is the object that defines methods that allow complete control over page content?
a) The client-side document object
b) The server-side document object
c) Both client-side and server-side document object
d) Web document object
Explanation: A web page is divided into two object documents in which one is client-side document object and the other is server-side document object. The client-side document object defines methods that allow complete control over page content
Which was one of the first security subsets proposed?
a) FBJS
b) Caja
c) dojox.secure
d) ADSafe
Explanation: ADsafe was one of the first security subsets proposed) It was created by Douglas Crockford (who also defined The Good Parts subset). ADsafe relies on static verification only, and it uses JSLint as its verifier. It forbids access to most global variables and defines an ADSAFE variable that provides access to a secure API, including special-purpose DOM methods. ADsafe is not in wide use, but it was an influential proof-of-concept that influenced other secure subsets.
Which is the subset that transforms web content into secure modules that can be safely hosted on a web page?
a) Microsoft Web Sandbox
b) ADsafe
c) Caja
d) dojox.secure
