http://eligrey.com/blog/post/jsandbox-0-2 this instanceof Whitty Sun, 29 Jan 2012 12:58:00 +0000 hourly 1 http://wordpress.org/?v=3.3 http://eligrey.com/blog/post/jsandbox-0-2/comment-page-1#comment-2518 Eli Grey Tue, 09 Nov 2010 22:58:00 +0000 http://eligrey.com/blog/?p=386#comment-2518 It depends on what kind of website extensibility you want. If you want to let scripts commit DOM modifications, you're going to have to build a secure API on top JSandbox where the sandboxed script continuously (you'll need to keep polling it, something you wouldn't have to do in the planned rewrite where you can listen for messages) gives a list of DOM mutations for your API to approve or deny. It depends on what kind of website extensibility you want. If you want to let scripts commit DOM modifications, you’re going to have to build a secure API on top JSandbox where the sandboxed script continuously (you’ll need to keep polling it, something you wouldn’t have to do in the planned rewrite where you can listen for messages) gives a list of DOM mutations for your API to approve or deny.

]]> http://eligrey.com/blog/post/jsandbox-0-2/comment-page-1#comment-2517 Koistya `Navin Tue, 09 Nov 2010 22:27:00 +0000 http://eligrey.com/blog/?p=386#comment-2517 Cool. Do you think it is possible to use current version for a scenario when website provides some points of extensibility and website users can extend website functionality with their code by uploading it to the website, similar to how MEF works in .NET world ( http://mef.codeplex.com/ )? Cool. Do you think it is possible to use current version for a scenario when website provides some points of extensibility and website users can extend website functionality with their code by uploading it to the website, similar to how MEF works in .NET world ( http://mef.codeplex.com/ )?

]]> http://eligrey.com/blog/post/jsandbox-0-2/comment-page-1#comment-2516 Eli Grey Tue, 09 Nov 2010 22:05:00 +0000 http://eligrey.com/blog/?p=386#comment-2516 To the extent of my knowledge, JSandbox is completely safe. I've done much penetration testing and have been unable to uncover any not already-patched attack vectors. Please note that I will eventually (not anytime soon) be rewriting JSandbox into an easier to use (for both the client website and user-submitted code) Java Runnable-like API. To the extent of my knowledge, JSandbox is completely safe. I’ve done much penetration testing and have been unable to uncover any not already-patched attack vectors. Please note that I will eventually (not anytime soon) be rewriting JSandbox into an easier to use (for both the client website and user-submitted code) Java Runnable-like API.

]]>