[whatwg] Prevent a document from being manipulated by a "top" document

John Tamplin jat at google.com
Tue Aug 2 09:14:22 PDT 2011


On Tue, Aug 2, 2011 at 7:15 AM, Dennis Joachimsthaler <dennis at efjot.de> wrote:

> On 02.08.2011 at 13:12, Anne van Kesteren <annevk at opera.com> wrote:
>
>> If users cannot trust their userscripts and addons (provided they can do
>> unsafe things) they have lost already.
>>
>>
> True. We do not make standards solely to protect inexperienced users.
>
> Thank you for your insight on this matter, though.
>

If you need to run untrusted code, consider Caja
<http://code.google.com/p/google-caja/>. JS itself doesn't provide the
necessary mechanisms to safely execute untrusted code, so either you trust
the code you are running completely (at least to the limits of what you can
enforce running it in an iframe jail) or you do something like Caja.

-- 
John A. Tamplin
Software Engineer (GWT), Google


