2006 June 18 17:00:00: Links below are dead. There is an IP address ( for “developer.netscape.com” but there is no http server there. Here is a page in the same format as what the Wayback machine remembers for “http://developer.netscape.com/docs/manuals/communicator/jsref/index.html?content=navig.htm TARGET="_top"”. The higher level pages seem gone, or I just can't find them with Google. Maybe developer.netscape.com will be up tomorrow.
This is a note that records my attempts to find a list of predefined objects that JavaScript and ActionScript programs have available to them.

A general point here is that the information that I am finding was produced under a charter to “provide enough information to enable useful programs” rather than to be exhaustive in support of providing arguments that there are not security problems. These pointers are nonetheless useful for security exploration for the problems they might reveal. But the following quote seems promising (for JavaScript 1.2):

For a list of all objects and their properties, methods, and event handlers, see “What's in this Reference,” in the JavaScript Reference.

Having skimmed the Predefined Core Objects and Functions, they all seem to be convenience or utility objects. I think they do nothing that the programmer could not do otherwise.

Here is Netscape's list of objects that are automatically available to the JavaScript program when it runs in a browser. Here is a trivial read eval print loop that may reveal which of these objects are actually available in your browser from JavaScript.

What are signed scripts about?

Here is a Core JavaScript Reference for 1.5.

To Do

See Security; Some answers here. We may need to understand “Configurable Security Policies”.
Safari hangs on this.
ActionScript I bought the book “ActionScript, The Definitive Guide”. See some notes by the author. Code Depot
Hello, world! (XSLT)

Hello, world! (XSLT via html)

Hello, world! (XAML/WPF)
Hello, world! (XUL)