[whatwg] Sandboxing scripts in pages
Andrew Fedoniouk
news at terrainformatica.com
Fri Jan 12 16:40:59 PST 2007
Why not do something like this:
function evalInSandbox(str)
{
  var window = null;     // shields the global objects
  var document = { managedThunk1: function() { /* ... */ },
                   managedThunk2: function() { /* ... */ } };
  var self = null;
  function getElement(id)
  {
    // ....
  }
  eval( str );
}
?
So
evalInSandbox("getElement('id')"); will succeed
and
evalInSandbox("document.getElementById('id')"); will fail.
Andrew Fedoniouk.
http://terrainformatica.com
----- Original Message -----
From: "James M Snell" <jasnell at gmail.com>
To: <whatwg at whatwg.org>
Sent: Friday, January 12, 2007 8:34 AM
Subject: [whatwg] Sandboxing scripts in pages
| Hello,
|
| I've recently been musing over some ideas around sandboxing scripts and
| styles within a document [1]. The basic idea is to have some means of
| isolating potentially untrustworthy scripts.
|
| From my blog entry: "Scripts within the sandbox would only see the DOM
| of the sandbox. Methods defined outside the sandbox would still be
| accessible. External methods could return objects from outside the
| sandbox."
|
| The example I go on to give is this:
|
| <html>
| <body>
| <script>
| function getElement(id) {
| return document.getElementById(id);
| }
| </script>
|
| <sandbox id="a">
| <div id="a1"></div>
| <script>
| // this will fail because b1 does not exist in sandbox a
| document.getElementById('b1').innerHTML = "foo";
|
| // this will succeed because getElement(id) can be called from
| // within sandbox a
| getElement('b1').innerHTML = "foo";
| </script>
| </sandbox>
|
| <sandbox id="b">
| <div id="b1"></div>
| </sandbox>
| </body>
| </html>
|
| The use of the sandbox tag is purely illustrative. As Asbjørn Ulsberg
| points out in the comments on my entry, the same effect could be
| achieved using either a new DOM and/or CSS property. For instance, we
| could replace the <sandbox> with <div style="scripts:restricted"> (or
| some variation thereof).
|
| Whatever shape the mechanism ultimately takes, having a way of isolating
| scripts within a document would be extremely beneficial.
|
| Thoughts?
|
| - James
|
| [1] http://www.snellspace.com/wp/?p=582
|
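The scoping trick in the reply above, as an added example that is not part of either message in this thread: a Node.js model of Andrew's evalInSandbox() sketch, with constructed stand-ins for window, document and the page's elements (there is no browser here), followed by two sets of probes. The first set confirms the behaviour the reply describes: bare window and self read as null, document.getElementById is unreachable, and getElement('b1') from James's example works. The second set shows the check a practitioner would want before relying on it: shadowing names hides the global object from lookup but does not remove it, and the Function constructor, an indirect eval, and the globalThis name (which did not exist in 2007) each hand the real global object back from inside the "sandbox". The names elementsOutside, probe, blockedReferences and escapes are assumptions of this example, not from the thread.

```javascript
// Added example, not code from the original thread: a Node.js model of the
// evalInSandbox() sketch, plus probes showing which references the local
// shadowing blocks and which still reach the real global object.

// Constructed "page" elements that live outside the sandbox.
const elementsOutside = {
  a1: { id: "a1", innerHTML: "" },
  b1: { id: "b1", innerHTML: "" },
};

// Constructed stand-ins for the browser globals so this runs offline in
// Node. In a browser, `window` and `document` would be the real objects.
globalThis.window = globalThis;
globalThis.document = {
  getElementById(id) { return elementsOutside[id] || null; },
};

// The proposal: shadow the globals with locals, expose only chosen
// thunks, then eval the untrusted string inside that function scope.
function evalInSandbox(str) {
  var window = null;            // shields the global object by name
  var self = null;
  var document = {              // only managed thunks are reachable as document.*
    managedThunk1: function () { return "managedThunk1"; },
  };
  function getElement(id) {     // an external method the sandbox may call
    return elementsOutside[id] || null;
  }
  return eval(str);             // direct eval: names resolve in this scope
}

// Run one snippet in the sandbox and record whether it threw and what it produced.
function probe(code) {
  try {
    return { ok: true, value: evalInSandbox(code) };
  } catch (e) {
    return { ok: false, error: e.constructor.name };
  }
}

// Probes that behave as the reply expects: the shadowed names are hidden.
function blockedReferences() {
  return {
    windowIsNull: probe("window").value === null,
    selfIsNull: probe("self").value === null,
    // The local `document` has no getElementById, so the call is a TypeError.
    getElementByIdFails: probe("document.getElementById('b1')").error === "TypeError",
    managedThunkWorks: probe("document.managedThunk1()").value === "managedThunk1",
    // The external method is callable and hands back the real element.
    getElementWorks: probe("getElement('b1').innerHTML = 'foo'").ok
      && elementsOutside.b1.innerHTML === "foo",
  };
}

// Probes that escape: hiding a name is not the same as removing the object.
function escapes() {
  return {
    // Function() always builds a sloppy-mode function, whose `this` is the global object.
    functionCtor: probe("Function('return this')()").value === globalThis,
    // (0, eval) is an indirect eval: it runs in global scope, not in evalInSandbox's scope.
    indirectEval: probe("(0, eval)('this')").value === globalThis,
    // Modern engines expose the global under a name the shim never shadowed.
    globalThisName: probe("globalThis").value === globalThis,
  };
}

function allBlocked() { return Object.values(blockedReferences()).every(Boolean); }
function allEscaped() { return Object.values(escapes()).every(Boolean); }

console.log("blocked by shadowing:", blockedReferences());
console.log("escapes the shadowing:", escapes());
```

Every entry in the second set being true is the point: the shadowed names behave exactly as the reply predicts, yet any of the three escapes returns the unshadowed global, after which the script can read window.document and every other page object at will. A real isolation boundary has to be enforced by the engine (a separate global object or realm), not by scoping the identifiers a script happens to use.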