JavaScript is a generic language, fast and powerful. But execution in browser context implies certain security limitations.

That is because you surely don't want a web page script to execute with your priviledges: read/write on hard disk, install software etc. The script must have strict security limitation not to harm your system, so you can open the page and feel safe.

  • JavaScript can’t read/write to hard disk, copy files and call other programs. It doesn’t have direct access to the OS. Newer browsers provide such abilities, but in a very limited and secure way.
  • JavaScript in one tab can’t affect other tabs/windows. There are exceptions, namely when two windows come from same domain.
  • A page with JavaScript can do network requests on it’s own domain without limitations. A request to another domain is also possible, but security measures apply.

Note: Modern JavaScript is a generic language. It is not browser-only. There are console programs and server Node.JS written in JavaScript.