- From: John Tamplin <jat@google.com>
- Date: Tue, 2 Aug 2011 12:14:22 -0400
On Tue, Aug 2, 2011 at 7:15 AM, Dennis Joachimsthaler <dennis at efjot.de>wrote: > Am 02.08.2011, 13:12 Uhr, schrieb Anne van Kesteren <annevk at opera.com > > >> If users cannot trust their userscripts and addons (provided they can do >> unsafe things) they have lost already. >> >> > True. We do not make standards solely to protect inexperienced users. > > Thank you for your insight on this matter, though. > If you need to run untrusted code, consider Caja<http://code.google.com/p/google-caja/>. JS itself doesn't provide the necessary mechanisms to safely execute untrusted code, so either you trust the code you are running completely (at least to the limits of what you can enforce running it in an iframe jail) or you do something like Caja. -- John A. Tamplin Software Engineer (GWT), Google
Received on Tuesday, 2 August 2011 09:14:22 UTC