Kuroki Kaze
Reputation: 8481
How to isolate unsecure JavaScript code
I need to isolate user-written code snippets from each other in javascript. For now the funniest thing i can think of is closures:
function executor() {
window.alert('Hello!');
size0 = document.getElementById("load").innerHTML;
window.alert('zero:' + size0);
(function(document){
// document = {"innerHTML":"empty"};
window.alert('Hello again!');
size1 = document.getElementById("load").innerHTML;
window.alert('first:' + size1);
(function(window){
size2 = document.getElementById("load").innerHTML;
window.alert('Hello now!');
window.alert('second:' + size2);
// window.alert('second:' +document.getElementById('load').size());
})("empty");
})("empty");
}
Is there a better and safer way to do this? Can i close prototype for various things like arrays?
Upvotes: 2
Views: 763
Answers (2)
slashnick
Reputation: 26549
You could look at Caja from Google. It's designed for running scripts from third parties safely and securely.
Upvotes: 3
Bryan McLemore
Reputation: 6493
As far as I know the easiest, and best, way to sandbox javascript is via iframes. Here is a blog post that might help.
Upvotes: 4
Related Questions
- Javascript Security
- Protecting a JavaScript object against external scripts
- How to obscure sensitive data written in Javascript?
- securing javascript source code
- Improving security with JS
- Security in JavaScript Code
- Javascript: How to secure your code
- Protect content in Javascript
- 'Sanitising' user-submitted Javascript - so it still works!