W3C home > Mailing lists > Public > public-webappsec@w3.org > September 2015

`iframe[@sandbox]`: "sandblaster" JS library for analysis/modification

From: James M. Greene <james.m.greene@gmail.com>
Date: Wed, 30 Sep 2015 09:56:56 -0500
Message-ID: <CALrbKZj38h78D=_O6GXAaK8pwHHVx5L9JW2Rrygig6ZfB2deAw@mail.gmail.com>
To: WHAT Working Group Mailing List <whatwg@whatwg.org>
*I should've shared this a long time ago but better late than never....*

Last winter, I was dealing with some confusion surrounding `iframe`
sandboxing [when I wasn't aware it existed] on code playground sites
(JSFiddle, JSBin, CodePen, etc.).

While investigating, I ended up creating a JS library called *sandblaster*
[1] to assist me in analyzing *aaaaand* potentially modifying/dismantling
iframe sandboxes.

You can see a live analysis result example on its demo page [2].

Please check it out if you're interested in the subject and feel free to
contribute issues/PRs/tests/suggestions/etc. on its GitHub repo [1].

Thanks!


[1]: https://github.com/JamesMGreene/sandblaster
[2]: http://jamesmgreene.github.io/sandblaster/test-iframes.html


Sincerely,
    James Greene
Received on Wednesday, 30 September 2015 14:57:44 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:15 UTC