Our JavaScript interpreter accepts as input, in addition to the scripts to execute, a security policy from the browser user. Different users may have different requirements with respect to their own privacy or that of the data they submit, and this will be reflected in their chosen security policies. Simply put, a security policy defines a partitioning of the JavaScript name space into inaccessible, read-only, and read-write objects.
A policy also defines the action for the JavaScript interpreter to take when the current script tries to execute an operation that violates the access control specification that the name space partition defines.
A security policy further specifies which external protocols (e.g., loading a mailto: or ftp: URL) the script is allowed to invoke and the appropriate action to take in the event that a script attempts to invoke a protocol not allowed by the policy.
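The three parts of a policy described above (name space partition, violation action, permitted external protocols), expressed as data and enforced on a wrapped object. This is an added example, not the interpreter's own code or policy format. The field names, the "abort" and "ignore" actions, the inaccessible default for unlisted names, and the use of a `Proxy` in place of checks inside the interpreter are assumptions made for illustration.

```javascript
// Added illustration: policy format, names and actions are assumptions.
const policy = {
  access: {                       // partition of the name space
    "document.cookie": "none",    // inaccessible
    "document.title": "read",     // read-only
    "window.status": "write",     // read-write
  },
  defaultAccess: "none",          // unlisted names are inaccessible
  onAccessViolation: "abort",     // "abort" stops the script, "ignore" skips the operation
  protocols: ["http:", "https:"], // external protocols a script may invoke
  onProtocolViolation: "ignore",
};

class PolicyViolation extends Error {}

// Record the violation, then apply the policy's action for it.
function violate(action, message, log) {
  log.push(message);
  if (action === "abort") throw new PolicyViolation(message);
  return false; // "ignore": the caller skips the operation
}

// Wrap a host object so each property read and write is checked first.
function guard(target, path, policy, log) {
  const level = (key) =>
    policy.access[`${path}.${String(key)}`] ?? policy.defaultAccess;
  return new Proxy(target, {
    get(obj, key) {
      if (level(key) !== "none") return obj[key];
      violate(policy.onAccessViolation, `read ${path}.${String(key)}`, log);
      return undefined;
    },
    set(obj, key, value) {
      if (level(key) === "write") obj[key] = value;
      else violate(policy.onAccessViolation, `write ${path}.${String(key)}`, log);
      return true; // a skipped write must not raise a TypeError of its own
    },
  });
}

// Check a URL's scheme before it reaches an external protocol handler.
function mayInvoke(url, policy, log) {
  const scheme = new URL(url).protocol; // e.g. "mailto:"
  return policy.protocols.includes(scheme) ||
    violate(policy.onProtocolViolation, `protocol ${scheme}`, log);
}
```

The `log` array records every violation regardless of the action taken, so the same policy can be run in "ignore" mode first to see what a script attempts.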