
[whatwg] Sandboxing scripts in pages

From: Asbjørn Ulsberg <asbjorn@tigerstaden.no>
Date: Fri, 12 Jan 2007 22:09:40 +0100
Message-ID: <op.tl17qeoa16f2qb@quark>

On Fri, 12 Jan 2007 17:37:43 +0100, Anne van Kesteren <annevk at opera.com>  
wrote:

>> Whatever shape the mechanism ultimately takes, having a way of isolating
>> scripts within a document would be extremely beneficial.
>
> Use an <iframe> and use cross-document messaging? This has been  
> discussed a lot by the way.

Frames are a terrible solution. The content is after all a part of the  
page it's hosted in, but we want to sandbox it to make sure it can't do  
any harm.

Let's say we'd like to sandbox anonymous user-contributed comments on a  
blog, but not comments from logged-in users. That would require all  
anonymous comments to be placed within an iframe. For 100 anonymous  
comments, that's 100 iframes on a single web page. Don't tell me that's an  
elegant solution.

-- 
Asbjørn Ulsberg     -=|=-    http://virtuelvis.com/quark/
“He's a loathsome offensive brute, yet I can't look away”
Received on Friday, 12 January 2007 13:09:40 UTC
