W3C home > Mailing lists > Public > whatwg@whatwg.org > September 2015

[whatwg] `iframe[@sandbox]`: "sandblaster" JS library for analysis/modification

From: James M. Greene <james.m.greene@gmail.com>
Date: Wed, 30 Sep 2015 09:56:56 -0500
Message-ID: <CALrbKZj38h78D=_O6GXAaK8pwHHVx5L9JW2Rrygig6ZfB2deAw@mail.gmail.com>
To: WHAT Working Group Mailing List <whatwg@whatwg.org>
*I should've shared this a long time ago but better late than never....*

Last winter, I was dealing with some confusion surrounding `iframe`
sandboxing [when I wasn't aware it existed] on code playground sites
(JSFiddle, JSBin, CodePen, etc.).

While investigating, I ended up creating a JS library called *sandblaster*
[1] to assist me in analyzing *aaaaand* potentially modifying/dismantling
iframe sandboxes.

You can see a live analysis result example on its demo page [2].

Please check it out if you're interested in the subject and feel free to
contribute issues/PRs/tests/suggestions/etc. on its GitHub repo [1].


[1]: https://github.com/JamesMGreene/sandblaster
[2]: http://jamesmgreene.github.io/sandblaster/test-iframes.html

    James Greene
Received on Wednesday, 30 September 2015 14:57:44 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 17:00:35 UTC