[whatwg] Sandboxing scripts in pages
Asbjørn Ulsberg
asbjorn at tigerstaden.no
Fri Jan 12 13:09:40 PST 2007
On Fri, 12 Jan 2007 17:37:43 +0100, Anne van Kesteren <annevk at opera.com>
wrote:
>> Whatever shape the mechanism ultimately takes, having a way of isolating
>> scripts within a document would be extremely beneficial.
>
> Use an <iframe> and use cross-document messaging? This has been
> discussed a lot by the way.
Frames are a terrible solution. The content is after all a part of the
page it's hosted in, but we want to sandbox it to make sure it can't do
any harm.

Let's say we'd like to sandbox anonymous user-contributed comments on a
blog, but not comments from logged in users. That would require all
anonymous comments to be placed within an iframe. For 100 anonymous
comments, that's 100 iframes on a single web page. Don't tell me that's an
elegant solution.
--
Asbjørn Ulsberg -=|=- http://virtuelvis.com/quark/
«He's a loathsome offensive brute, yet I can't look away»