`iframe[@sandbox]`: "sandblaster" JS library for analysis/modification from James M. Greene on 2015-09-30 (public-webappsec@w3.org from September 2015)

From: James M. Greene <james.m.greene@gmail.com>
Date: Wed, 30 Sep 2015 09:56:56 -0500
To: WHAT Working Group Mailing List <whatwg@whatwg.org>
Message-ID: <CALrbKZj38h78D=_O6GXAaK8pwHHVx5L9JW2Rrygig6ZfB2deAw@mail.gmail.com>

*I should've shared this a long time ago but better late than never....*

Last winter, I was dealing with some confusion surrounding `iframe`
sandboxing [when I wasn't aware it existed] on code playground sites
(JSFiddle, JSBin, CodePen, etc.).

While investigating, I ended up creating a JS library called *sandblaster*
[1] to assist me in analyzing *aaaaand* potentially modifying/dismantling
iframe sandboxes.

You can see a live analysis result example on its demo page [2].

Please check it out if you're interested in the subject and feel free to
contribute issues/PRs/tests/suggestions/etc. on its GitHub repo [1].

Thanks!


[1]: https://github.com/JamesMGreene/sandblaster
[2]: http://jamesmgreene.github.io/sandblaster/test-iframes.html


Sincerely,
    James Greene

Received on Wednesday, 30 September 2015 14:57:44 UTC