I'm wondering if it's possible to sandbox JavaScript running in the browser to prevent access to features that are normally available to JavaScript code running in an HTML page.  For example, let's say I want to provide a JavaScript API...
I would like to have the ability to let users submit arbitrary JavaScript code, which is then sent to a Node.JS server and safely executed before the output is sent back to multiple clients (as JSON). The eval function comes to mind, but I know this...
I've got an empty iframe and a button:  <input type="button" name="B1" value="google" onclick="frames['IFrameName1'].location.href='https://www.google.com/'">  But (besides .location.href) i n...
I have an untrusted code submitted by a user, and I need to execute it in a sandboxed environment in a browser.  I was advised that Web-Workers cannot be secure enough for that, and that a sandbxed iframe should better be used. This page:  https://ww...
I had a bug in our (code signed) java applet "access denied (java.net.SocketPermission x.x.x.x:443 connect_resolve." We had an html "save" button that was calling (via javascript) an applet method to save a file, loaded into the apple...
I am loading HTML content into an iframe using the srcdoc property. The iframe is a sandboxed iframe with no permissions given, so all Javascript in the iframe is blocked. However, remote requests (such as for CSS, images etc.) will still be triggere...
I need to add SCRIPTs into a sandboxed IFRAME and I'm trying to avoid using document.write (see here and here) but the DOM version is not executing the scripts in order. In the example below, jQuery hasn't loaded by the time the in-line scrip...
Ok, so r.js can run on Rhino. Which is great.  To do the stuff it needs to do.  On rhino it basically uses java.io.File, java.io.FileOutputStream and java.io.FileInputStream to achieve the filesystem modifications that it needs to do.  (Background: I...
I am looking for an approach to allow only whitelisted scripts to run within a sandboxed iframe. I was thinking of an iframe-sandbox directive that allows only whitelisted scripts to run within an iframe. The analogy is the script-src directive in th...
Can I limit the access of a string-generated function (using the Function constructor) to the parent/global scopes?  For example: the following code, as it is, prints false, because the function is storing/modifying the variable a in window.  window....

Tags

Recent Questions

Top Questions

Home Tags Terms of Service Privacy Policy DMCA Contact Us

©2020 All rights reserved.