A pedant that hangs out in the dark corner-cases of the web.

Wednesday, March 18, 2009

T24F The Microsoft Web Sandbox

  • first gen: Facebook JS (FBJS), AdSafe
  • second gen: Caja, FBJS2
  • ECMA TC-39 Security Working Group
  • provides W3C-standard DOM support, even on IE browsers
  • provides isolation for 3rd party scripts (3JS)
  • provides QoS checking for 3JS (only the embedded [div] portion fails or times out)
  • allows integration into rest of page (not absolute isolation)
  • JSVM script; 3JS transform service converts 3HTML or 3JS into a JSON closure that intercepts all DOM namespace lookups
  • virtual title and status bar for the hosting element
  • Apache License
  • well-formed HTML only
  • no document.write()
  • no eval()
  • no JS with statement
  • debug complexity
  • performance penalty
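
The closure-based interception of DOM lookups noted above, sketched as an added example (not code from the Microsoft Web Sandbox or from the session). It assumes a plain-object stand-in for the DOM, and `node`, `find` and `runGuest` are hypothetical names; it shows name shadowing, the virtual title and failure containment only, not a complete isolation boundary.

```javascript
// Constructed stand-in for a page: plain objects instead of a real DOM.
const node = (id, children = []) => ({ id, text: '', children });
const find = (root, id) =>
  root.id === id ? root : root.children.map(c => find(c, id)).find(Boolean) || null;

// Constructs the notes list as unsupported. A real transform would parse the
// script; this pattern check is only a placeholder for that step.
const UNSUPPORTED = [/\beval\s*\(/, /\bwith\s*\(/, /\bdocument\s*\.\s*write\s*\(/];

// Hypothetical helper: run third-party source with `document` and `window`
// bound to virtual objects scoped to one host element.
function runGuest(page, hostId, src) {
  const host = find(page.body, hostId);
  const box = { title: '', status: '', error: null };
  if (UNSUPPORTED.some(re => re.test(src))) {
    box.error = 'unsupported construct';
    return box;
  }
  const vdoc = {
    get title() { return box.title; },
    set title(v) { box.title = String(v); },   // virtual title; page.title untouched
    getElementById: id => find(host, id),      // lookups stop at the host subtree
  };
  const vwin = { document: vdoc, set status(v) { box.status = String(v); } };
  try {
    // The parameters shadow the global names inside the guest closure.
    new Function('document', 'window', '"use strict";' + src)(vdoc, vwin);
  } catch (e) {
    box.error = String(e.message);             // the failure stays with this gadget
  }
  return box;
}

// Constructed sample page and guest script.
const page = {
  title: 'Host page',
  body: node('body', [node('nav'), node('gadget', [node('out')])]),
};
const result = runGuest(page, 'gadget',
  "document.title = 'Gadget'; document.getElementById('out').text = 'hi';");
```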
