W3C home > Mailing lists > Public > whatwg@whatwg.org > January 2007

[whatwg] Sandboxing scripts in pages

From: Bjoern Hoehrmann <derhoermi@gmx.net>
Date: Fri, 12 Jan 2007 18:12:53 +0100
Message-ID: <l5ffq2p25dhs065ckn62f2okb7hfnsgnr0@hive.bjoern.hoehrmann.de>
* James M Snell wrote:
>Whatever shape the mechanism ultimately takes, having a way of isolating
>scripts within a document would be extremely beneficial.

It would be helpful if you could first explain what pain you are trying
to solve and how your solution would solve it. For example, a malicious
script could create a new layer in the sandbox and position it so that
it is rendered on top of the rest of the document. Why wouldn't that be
a problem? Or, since the script in the sandbox apparently can execute
all other author-defined functions, what if the author of the host page
includes some scripting library that, say, provides indirect access to
document.cookie; a malicious script could then easily steal the cookie.

You naturally also cannot use <script> for the untrusted script as down-
level clients would ignore the <sandbox> and execute the script as fully
trusted one. I would say that including untrusted scripts in any way in-
to the context of your documents is a very bad idea no matter how you
try to restrict it. If you want your scripts and untrusted scripts to
communicate, that's best done through exchanging data instead of any
kind of execution sandbox.
-- 
Bj?rn H?hrmann ? mailto:bjoern at hoehrmann.de ? http://bjoern.hoehrmann.de
Weinh. Str. 22 ? Telefon: +49(0)621/4309674 ? http://www.bjoernsworld.de
68309 Mannheim ? PGP Pub. KeyID: 0xA4357E78 ? http://www.websitedev.de/ 
Received on Friday, 12 January 2007 09:12:53 UTC

This archive was generated by hypermail 2.3.1 : Monday, 13 April 2015 23:08:31 UTC