- From: Hallvord Reiar Michaelsen Steen <hallvord@hallvord.com>
- Date: Tue, 31 Jan 2006 13:53:43 +0900
On 30 Jan 2006 at 22:57, Alexey Feldgendler wrote:

> > devil is in the detail. For example, how do you programmatically isolate
> > the outside and inside? If the outside sets a value on the inside, and
> > the inside has set a setter function on that value, how do you make sure
> > the setter runs with the right privileges?
>
> All code which is physically written inside the sandbox is restricted.
> This includes setter functions.

This is very hard to implement. AFAIK no UA's JavaScript engine has a concept of the "origin" of a function. If any function is invoked by a thread with higher privileges, it will run with higher privileges. The alternative is having the UA do a security check for every function it intends to run, and I don't see any way to avoid a serious performance penalty there. Caveat: I'm not a programmer, just a tester.

> > Also, how do you prevent inner "safe" script from e.g. overlaying
> > content on top of any arbitrary part of the page using absolute
> > positioning? You have to try and allocate particular bits of the page to
> > particular sandboxes. That's a nightmare.
>
> Thanks for pointing this issue out, I'll think about how to address it

Yes, it is a serious problem.

> > I know people _want_ to do it, just as people wanted pretty coloured
> > scrollbars and so IE added a proprietary extension to CSS to allow it.

Gerv, don't you see the potential here? Come on, 50% of all blogs will add dynamic menus! Isn't that going to be great for the web? :-p

For the record: I think there are really good use cases for these ideas.

Regarding SANDBOX, when I look at the discussion and points raised so far I sort of get the feeling that we are re-inventing IFRAME... Hence I'm beginning to think that we should just come up with a new attribute on IFRAME, called "sandbox" or "contentrestriction" or something like that. That way the parent page could explicitly allow or prevent interaction with the IFRAME. Just a loose idea for now...
-- Hallvord Reiar Michaelsen Steen http://www.hallvord.com/
Received on Monday, 30 January 2006 20:53:43 UTC
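The setter-privilege problem debated in the message above, modelled as an added JavaScript example that is not part of this e-mail or the original thread. A single variable stands in for the UA's "thread privilege" the message describes; `privilegedApi`, `makeSandboxObject`, `hostWrite` and `membrane` are names assumed for this toy and correspond to no real engine API. It shows the naive case, where host code assigning to a sandbox-authored setter lets that setter run with host privilege, beside a Proxy membrane that lowers the ambient privilege on every crossing into sandbox code, which is exactly the per-call check whose cost the message worries about.

```javascript
'use strict';

// Ambient privilege, tied to "whoever is currently executing" rather than to
// where a function was written: the model the message says engines have.
let currentPrivilege = 'host';

// Hypothetical privileged host API (assumed name). It checks only the
// ambient privilege, not the origin of the function that called it.
const privilegedApi = {
  calls: [],
  deleteCookies() {
    if (currentPrivilege !== 'host') {
      throw new Error('denied');
    }
    this.calls.push('deleteCookies');
    return 'deleted';
  },
};

// Code "physically written inside the sandbox": it installs a setter that
// reaches for the host API whenever the outside assigns to `theme`.
function makeSandboxObject(api) {
  const obj = {};
  Object.defineProperty(obj, 'theme', {
    configurable: true,
    get() {
      return obj._theme;
    },
    set(value) {
      api.deleteCookies(); // runs with whatever privilege is ambient right now
      obj._theme = value;
    },
  });
  return obj;
}

// Host code writing a value into the sandbox, as in the quoted question.
function hostWrite(inner, value) {
  currentPrivilege = 'host';
  try {
    inner.theme = value;
    return 'ok';
  } catch (err) {
    return 'error: ' + err.message;
  }
}

// Mitigation: a membrane (Proxy) around the sandbox object that lowers the
// ambient privilege for the duration of every crossing into sandbox-authored
// code, so the setter observes 'sandbox' even though the host triggered it.
function membrane(inner) {
  function asSandbox(fn) {
    const saved = currentPrivilege;
    currentPrivilege = 'sandbox';
    try {
      return fn();
    } finally {
      currentPrivilege = saved;
    }
  }
  return new Proxy(inner, {
    get(target, prop) {
      return asSandbox(() => target[prop]);
    },
    set(target, prop, value) {
      asSandbox(() => {
        target[prop] = value;
      });
      return true;
    },
  });
}

// Scenario 1: no membrane. The sandbox setter runs as 'host' and succeeds
// in calling the privileged API.
function runNaive() {
  privilegedApi.calls.length = 0;
  const inner = makeSandboxObject(privilegedApi);
  const result = hostWrite(inner, 'dark');
  return { result, calls: privilegedApi.calls.slice(), theme: inner.theme };
}

// Scenario 2: membrane in place. The same setter now runs as 'sandbox',
// the API refuses, and the host's write fails loudly instead of silently
// escalating.
function runWithMembrane() {
  privilegedApi.calls.length = 0;
  const inner = membrane(makeSandboxObject(privilegedApi));
  const result = hostWrite(inner, 'dark');
  return { result, calls: privilegedApi.calls.slice(), theme: inner.theme };
}

console.log('naive:', runNaive());
console.log('membrane:', runWithMembrane());
```

Run it with `node`. The membrane pays a privilege switch on every property access that crosses the boundary, which is the performance concern the message raises; the later HTML `sandbox` attribute on `iframe` avoids this by drawing the boundary at the document level, where the engine already tracks origin, rather than around individual functions.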