Re: ACS (was Re: Seamless iframes + CSS3 selectors = bad idea)

Oh, and in this case, in my sandbox (Phantom sandbox) I use the native Firefox
protection of "nodeless" or "ghost" documents from the generated principal.


So it should be safe. There are quite a few ways of making a safe JS
sandbox, especially if we have browser support (wrappers + independent
principals mostly).

Greetings!!
-- Eduardo
http://www.sirdarckcat.net/

Sent from Hangzhou, 33, China

On Tue, Dec 8, 2009 at 5:43 PM, gaz Heyes <gazheyes@gmail.com> wrote:

> 2009/12/8 Adam Barth <w3c@adambarth.com>
>
>> It's not as simple as that.  It is very difficult to mix JavaScript
>> objects that belong to different principals.  You can do it if you
>> constrain the attacker to a "safe" subset of JavaScript like Caja, but
>> in general, the attacker can wreck you with leaked pointers.
>>
>
> I constrain JavaScript using $$ rewriting. So for example:-
>
> x=alert;
> x(1)
>
> Becomes:-
> var $x$;$window$.$x$=$x$;
> $x$=$alert$;
> $x$(Number(1))
>
> The code is executed in an iframe window and every function/property is
> whitelisted. var is used to make all variables fall back to local scope and a
> fake window object is used when doing stuff like:-
> (1,[].sort)() // Firefox leaks window
>
> I run a syntax check using function before and after the conversion. It
> seems pretty safe but I haven't really had much help apart from a few people
> on sla.ckers. The only drawback is objects that belong to another window, in
> that case I need to pass the window scope to check if objects return to
> window.
>

Received on Tuesday, 8 December 2009 10:20:13 UTC
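A toy version of the "$$ rewriting" sandbox gaz describes above, added here as an illustration (it is not his code, nor Eduardo's). It assumes a small JavaScript subset (no comments, regex literals or computed `obj["name"]` access, which this tokenizer would not mangle), and it stands in a Proxy-backed fake window for the original's generated `var`/`$window$` declarations.

```javascript
'use strict';

// Tokens: string literals, identifiers, numbers, whitespace, any other single char.
const TOKEN = /"(?:[^"\\]|\\.)*"|'(?:[^'\\]|\\.)*'|[A-Za-z_$][\w$]*|\d+(?:\.\d+)?|\s+|[\s\S]/g;
// Left unmangled; note `this` is NOT here, so it becomes $this$ and gets blocked.
const KEYWORDS = new Set(['var', 'if', 'else', 'return', 'function', 'typeof', 'new',
  'true', 'false', 'null']);

// Mangle every identifier to $name$ and wrap numeric literals in Number(), as in the mail:
//   x=alert; x(1)   ->   $x$=$alert$; $x$(Number(1))
// A user-supplied "$alert$" becomes "$$alert$$", so whitelisted names cannot be forged.
function rewrite(src) {
  return src.replace(TOKEN, (tok) => {
    if (/^[A-Za-z_$]/.test(tok) && !KEYWORDS.has(tok)) return '$' + tok + '$';
    if (/^\d/.test(tok)) return 'Number(' + tok + ')';
    return tok;
  });
}

// Fake window: a Proxy that captures every $name$ lookup inside `with`, resolves only
// whitelisted names, keeps the sandbox's own assignments local, and throws otherwise.
function makeFakeWindow(whitelist) {
  const store = Object.create(null);
  for (const [name, value] of Object.entries(whitelist)) store['$' + name + '$'] = value;
  return new Proxy(store, {
    has: (t, key) => typeof key === 'string' && /^\$.+\$$/.test(key),
    get: (t, key) => {
      if (key === Symbol.unscopables) return undefined; // `with` consults this after `has`
      if (key in t) return t[key];
      throw new ReferenceError('blocked: ' + key);
    },
    set: (t, key, value) => { t[key] = value; return true; },
  });
}

// Execute untrusted source. `new Function` gives a sloppy-mode body so `with` is legal;
// the with-scope shadows the real globals for every mangled name (unmangled Number() still
// resolves globally, but user code can never spell an unmangled name).
function run(src, whitelist) {
  const body = 'with ($window$) { return (function () { ' + rewrite(src) + '\n})(); }';
  return new Function('$window$', body)(makeFakeWindow(whitelist));
}

// Demo (constructed input): alert is the only whitelisted name; the rest must be blocked.
const log = [];
run('x=alert; x(1)', { alert: (v) => log.push(v) });
console.log(log); // [ 1 ]
for (const evil of ['eval("1")', 'this.constructor', '(1,[].sort)()']) {
  try { run(evil, {}); console.log('ESCAPED:', evil); }
  catch (e) { console.log('blocked:', evil, '->', e.constructor.name); }
}
```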