- From: <bugzilla@jessica.w3.org>
- Date: Sat, 15 Jan 2011 07:54:55 +0000
- To: public-webapps@w3.org
http://www.w3.org/Bugs/Public/show_bug.cgi?id=11769

Summary: I have just implemented a 'javascript sandbox' using iframes and postMessage, exactly as intended by the specification. Thank you! It works beautifully! Safe XSS at last! Of course, now the next problem comes into view: I have all these IFrames/Objects wi
Product: WebAppsWG
Version: unspecified
Platform: Other
URL: http://www.whatwg.org/specs/web-apps/current-work/#top
OS/Version: other
Status: NEW
Severity: normal
Priority: P3
Component: Web Messaging (editor: Ian Hickson)
AssignedTo: ian@hixie.ch
ReportedBy: contributor@whatwg.org
QAContact: member-webapi-cvs@w3.org
CC: mike@w3.org, public-webapps@w3.org

Specification: http://dev.w3.org/html5/postmsg/
Section: http://www.whatwg.org/specs/web-apps/current-work/complete.html#top

Comment:
I have just implemented a 'javascript sandbox' using iframes and postMessage, exactly as intended by the specification. Thank you! It works beautifully! Safe XSS at last!

Of course, now the next problem comes into view: I have all these IFrames/Objects with their sandboxed javascript coming from remote servers that I can talk to... but no idea how much CPU they are consuming, or when they crash.

What's needed is something like "window.getCpuUsage()". Most of the rest of a reasonable scheduling system can then be built entirely within javascript.

The next obvious step would be to generalize that to all important resources consumed by the embedded object: memory, bandwidth, and open connections. Views of these statistics are available within many browser debuggers, but not on reflection to the javascript itself.

This information should probably be available to both the containing page and the contained object.

With this one simple problem solved (detecting abusive/broken 'sub-process' javascript by its behavior) javascript is free to become, in many ways, a fully-fledged operating system.

Or at the very least, slow down its animations or entropy generator to not totally consume all my CPU.

Jeremy Lee BCompSci(Hons)
jeremy@unorthodox.com.au

Posted from: 58.106.139.138

--
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
Received on Saturday, 15 January 2011 07:54:57 UTC
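The report asks for a way to notice sandboxed frames that crash or misbehave. The sketch below is an added example, not part of the original message or of any specification: a containing page can approximate liveness (not CPU usage) with ping/pong round trips over postMessage. `FrameWatchdog`, the `wd-ping`/`wd-pong` message types and the thresholds are hypothetical names chosen here, and the embedded script is assumed to echo each ping's nonce back in a pong.

```javascript
// Added example: liveness watchdog for sandboxed frames (all names hypothetical).
// Browser wiring: window.addEventListener("message", e => wd.onMessage(e));
//                 setInterval(() => wd.tick(), 1000);
class FrameWatchdog {
  // now: clock in ms; timeoutMs: how long a ping may stay unanswered before it is a miss.
  constructor({ timeoutMs = 2000, now = Date.now } = {}) {
    this.timeoutMs = timeoutMs;
    this.now = now;
    this.frames = new Map(); // id -> { target, origin, pending, lastRtt, misses }
    this.seq = 0;
  }
  // target: the frame's contentWindow (anything with postMessage).
  // origin: expected origin, or "*" for an opaque-origin sandboxed frame, where
  // only the event.source identity check below can authenticate the sender.
  register(id, target, origin) {
    this.frames.set(id, { target, origin, pending: null, lastRtt: null, misses: 0 });
  }
  // Ping every frame; a ping still unanswered past the timeout counts as a miss.
  tick() {
    const t = this.now();
    for (const f of this.frames.values()) {
      if (f.pending && t - f.pending.sentAt >= this.timeoutMs) { f.misses++; f.pending = null; }
      if (!f.pending) {
        f.pending = { nonce: ++this.seq, sentAt: t };
        f.target.postMessage({ type: "wd-ping", nonce: f.pending.nonce }, f.origin);
      }
    }
  }
  // Feed every "message" event here. Returns true only for a pong that matches a
  // registered frame's window, its expected origin and its outstanding nonce.
  onMessage(event) {
    const d = event.data;
    if (!d || d.type !== "wd-pong") return false;
    for (const f of this.frames.values()) {
      if (event.source !== f.target) continue;
      if (f.origin !== "*" && event.origin !== f.origin) return false;
      if (!f.pending || d.nonce !== f.pending.nonce) return false; // stale or replayed
      f.lastRtt = this.now() - f.pending.sentAt;
      f.pending = null;
      f.misses = 0;
      return true;
    }
    return false; // pong from a window that was never registered
  }
  // Snapshot for a scheduler: maxMisses or more consecutive misses means unresponsive.
  report(maxMisses = 2) {
    const out = {};
    for (const [id, f] of this.frames)
      out[id] = { lastRtt: f.lastRtt, misses: f.misses, unresponsive: f.misses >= maxMisses };
    return out;
  }
}
```

Round-trip time only shows how quickly a frame answers messages; it does not measure the memory, bandwidth or connection counts the report also asks for.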