I'm wondering if it's possible to sandbox JavaScript running in the browser to prevent access to features that are normally available to JavaScript code running in an HTML page.  For example, let's say I want to provide a JavaScript API...
I would like to have the ability to let users submit arbitrary JavaScript code, which is then sent to a Node.JS server and safely executed before the output is sent back to multiple clients (as JSON). The eval function comes to mind, but I know this...
I've got an empty iframe and a button:  <input type="button" name="B1" value="google" onclick="frames['IFrameName1'].location.href='https://www.google.com/'">  But (besides .location.href) i n...
I have an untrusted code submitted by a user, and I need to execute it in a sandboxed environment in a browser.  I was advised that Web-Workers cannot be secure enough for that, and that a sandbxed iframe should better be used. This page:  https://ww...
I had a bug in our (code signed) java applet "access denied (java.net.SocketPermission x.x.x.x:443 connect_resolve." We had an html "save" button that was calling (via javascript) an applet method to save a file, loaded into the apple...
I am loading HTML content into an iframe using the srcdoc property. The iframe is a sandboxed iframe with no permissions given, so all Javascript in the iframe is blocked. However, remote requests (such as for CSS, images etc.) will still be triggere...
I need to add SCRIPTs into a sandboxed IFRAME and I'm trying to avoid using document.write (see here and here) but the DOM version is not executing the scripts in order. In the example below, jQuery hasn't loaded by the time the in-line scrip...
Can I limit the access of a string-generated function (using the Function constructor) to the parent/global scopes?  For example: the following code, as it is, prints false, because the function is storing/modifying the variable a in window.  window....
we have a Java application and would like to run untrusted code using the built in Javascript interpreter (javax.script.*)  However by default the interpreter allows access to any java class. For example "java.lang.System.exit(0)" in the scri...
Is it possible to prevent an iframe from reloading the parent window?  The sandbox attribute without allow-top-navigation prevents redirection but doesn't prevent reloading.  PS: I need the sandbox to allow both allow-scripts and allow-same-origi...

Tags

Recent Questions

Top Questions

Home Tags Terms of Service Privacy Policy DMCA Contact Us

©2020 All rights reserved.