Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Javascript Sandbox

I want to have developers write some custom apps for a site in Javascript but I want to sandbox it so they can't do anything naughty like redirect the user, set the body display to none etc etc. I have a namespace in Javascript where all the functions they'll ever need exist in there so I was thinking to create a sandbox would be a matter of:

with(Namespace) {
    //App code goes here where they can only access Namespace.*
}

How is easy is it to get around this and what other methods can be done? Would rather not have to moderate every submitted app.

like image 519
Louis Avatar asked Jun 07 '10 03:06

Louis


1 Answers

Well, the options to sandbox code at the moment are:

  • Google Caja Project
  • ADSafe

Both allow you to create a safe environment where the access to the global object and the DOM is restricted.

The primary purpose of these projects is to allow you to safely embed widgets and any web content from third parties.

like image 91
Christian C. Salvadó Avatar answered Oct 29 '22 14:10

Christian C. Salvadó