224Re: [caplet] adsafe.js
- Jun 6, 2008On Tue, Jun 3, 2008 at 1:40 PM, Douglas Crockford <douglas@...> wrote:
> The first edition of adsafe.js is available atAttached is a rough first draft of a safe DOM wrapper. The main idea
> http://adsafe.org/adsafe.js. It still lacks dom wrappage and
> interwidget communication.
is that untrusted script views DOM nodes simply as integer handles.
To read or mutate the DOM, the untrusted code passes the appropriate
handles to the SafeDOM API, which interacts with the real DOM. The
SafeDOM library is intended to limit the untrusted code to interacting
only with the portion of the document tree that descends from
root_node. Also, element creation and modification can be controlled
by a policy, as demonstrated by the implementation of createElement.
The attached code is completely untested. It is intended to sketch
out an architecture for how the DOM API could be safely exposed to
- << Previous post in topic Next post in topic >>