6:[["$","$Le",null,{}],["$","div",null,{"className":"min-h-screen bg-gray-100 p-6","children":[["$","$Lf",null,{}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"QAPage\",\"mainEntity\":{\"@type\":\"Question\",\"name\":\"Is there a safe way to allow 3rd-party javascript in a page?\",\"text\":\"

Is there a safe way in which untrusted javascript can be loaded into a page and trusted not to cause harm?

\\n\\n

I would like to create an executable wiki containing user contributed javascript. But, I am concerned that malicious javascript could hijack the page and compromise the user's account on my system.

\\n\\n

Are there workable ways to isolate javascript?

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"Joby Taffey\"},\"upvoteCount\":1,\"answerCount\":1,\"acceptedAnswer\":null}}"}}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mb-6 relative","children":[["$","div",null,{"className":"absolute top-4 right-4 flex flex-wrap space-x-2","children":[["$","span","javascript",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/javascript/1","children":"javascript"}]}]]}],["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/fd918b9597ef79853d55ff00de0af0f7?s=256&d=identicon&r=PG","alt":"Joby Taffey","className":"w-16 h-16 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/283981/joby-taffey","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Joby Taffey"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",1194]}]]}]]}],["$","h1",null,{"className":"text-2xl font-bold text-gray-800 mb-4","children":"Is there a safe way to allow 3rd-party javascript in a page?"}],["$","p",null,{"className":"text-gray-700 mt-4","dangerouslySetInnerHTML":{"__html":"

Is there a safe way in which untrusted javascript can be loaded into a page and trusted not to cause harm?

\n\n

I would like to create an executable wiki containing user contributed javascript. But, I am concerned that malicious javascript could hijack the page and compromise the user's account on my system.

\n\n

Are there workable ways to isolate javascript?

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm mt-4","children":[["$","p",null,{"children":["Upvotes: ",1]}],["$","p",null,{"children":["Views: ",107]}]]}]]}],["$","div",null,{"className":"container mx-auto","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-6","children":["Answers (",1,")"]}],[["$","div","11218048",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/05769e015d8881ad7848f08827cd11f8?s=256&d=identicon&r=PG","alt":"Lusitanian","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/1477526/lusitanian","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Lusitanian"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",11132]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

Yes. Try Google Caja, which does exactly what (I think) you want.

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",1]}]}]]}]]]}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mt-6","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-4","children":"Related Questions"}],["$","ul",null,{"className":"list-disc list-inside","children":[["$","li","25601865",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/25601865","className":"text-blue-600 hover:underline","children":"How to run user-provided Javascript without security issues (like jsFiddle, jsBin, etc.)?"}]}],["$","li","60770016",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/60770016","className":"text-blue-600 hover:underline","children":"How do you safely load external JavaScript file?"}]}],["$","li","38747430",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/38747430","className":"text-blue-600 hover:underline","children":"How to secure an app that allows users to insert JavaScript?"}]}],["$","li","34746102",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/34746102","className":"text-blue-600 hover:underline","children":"prevent third party JavaScript to insert jQuery"}]}],["$","li","23896983",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/23896983","className":"text-blue-600 hover:underline","children":"Safest way to include/embed third party javascript"}]}],["$","li","9081801",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/9081801","className":"text-blue-600 hover:underline","children":"executing third party javascript (served from some DB) in a safe way"}]}],["$","li","21411255",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/21411255","className":"text-blue-600 hover:underline","children":"Including external javascript that uses jquery in the website?"}]}],["$","li","15103174",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/15103174","className":"text-blue-600 hover:underline","children":"How to safely pass javascript around?"}]}],["$","li","3477452",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/3477452","className":"text-blue-600 hover:underline","children":"allowing any javascript to be injected on my page. What's the risk?"}]}],["$","li","4400756",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/4400756","className":"text-blue-600 hover:underline","children":"How to Include JavaScript on a Public Facing Website?"}]}]]}]]}]]}],["$","$L11",null,{}],["$","$L12",null,{}],["$","$L13",null,{}],["$","$L14",null,{}],["$","$L15",null,{}]]

Is there a safe way to allow 3rd-party javascript in a page?

Answers (1)

Related Questions