[whatwg] Sandboxing scripts in pages

Why not to do something like this:

   function evalInSandbox(str)
   {
     var window = null;     // shadows the global objects
     var document = { managedThunk1: function() { /* ... */ },
                      managedThunk2: function() { /* ... */ } };
     var self = null;

     function getElement(id)
     {
        // ...
     }
     eval( str );
   }

?

So
   evalInSandbox("getElement('id')");  will succeed
and
   evalInSandbox("document.getElementById('id')");  will fail.

Andrew Fedoniouk.
http://terrainformatica.com



----- Original Message ----- 
From: "James M Snell" <jasnell@gmail.com>
To: <whatwg at whatwg.org>
Sent: Friday, January 12, 2007 8:34 AM
Subject: [whatwg] Sandboxing scripts in pages


| Hello,
|
| I've recently been musing over some ideas around sandboxing scripts and
| styles within a document [1].  The basic idea is to have some means of
| isolating potentially untrustworthy scripts.
|
|  From my blog entry: "Scripts within the sandbox would only see the DOM
|  of the sandbox. Methods defined outside the sandbox would still be
|  accessible. External methods could return objects from outside the
|  sandbox."
|
| The example I go on to give is this:
|
|  <html>
|  <body>
|    <script>
|      function getElement(id) {
|        return document.getElementById(id);
|      }
|    </script>
|
|    <sandbox id="a">
|      <div id="a1"></div>
|      <script>
|        // this will fail because b1 does not exist in sandbox a
|        document.getElementById('b1').innerHTML = "foo";
|
|        // this will succeed because getElement(id) can be called from
|  within sandbox a
|        getElement('b1').innerHTML = "foo";
|      </script>
|    </sandbox>
|
|    <sandbox id="b">
|      <div id="b1"></div>
|    </sandbox>
|  </body>
|  </html>
|
| The use of the sandbox tag is purely illustrative.  As Asbjørn Ulsberg
| points out in the comments on my entry, the same effect could be
| achieved using either a new DOM and/or CSS property. For instance, we
| could replace the <sandbox> with <div style="scripts:restricted"> (or
| some variation thereof).
|
| Whatever shape the mechanism ultimately takes, having a way of isolating
| scripts within a document would be extremely beneficial.
|
| Thoughts?
|
| - James
|
| [1] http://www.snellspace.com/wp/?p=582
| 

Received on Friday, 12 January 2007 16:40:59 UTC