Loading ...
Sorry, an error occurred while loading the content.

224Re: [caplet] adsafe.js

Expand Messages
  • Adam Barth
    Jun 6, 2008
    • 0 Attachment
      On Tue, Jun 3, 2008 at 1:40 PM, Douglas Crockford <douglas@...> wrote:
      > The first edition of adsafe.js is available at
      > http://adsafe.org/adsafe.js. It still lacks dom wrappage and
      > interwidget communication.

      Attached is a rough first draft of a safe DOM wrapper. The main idea
      is that untrusted script views DOM nodes simply as integer handles.
      To read or mutate the DOM, the untrusted code passes the appropriate
      handles to the SafeDOM API, which interacts with the real DOM. The
      SafeDOM library is intended to limit the untrusted code to interacting
      only with the portion of the document tree that descends from
      root_node. Also, element creation and modification can be controlled
      by a policy, as demonstrated by the implementation of createElement.

      The attached code is completely untested. It is intended to sketch
      out an architecture for how the DOM API could be safely exposed to
      JavaScript which passes the ADsafe validator.

      Adam
    • Show all 7 messages in this topic