What makes JSFiddle secure from XSS based attacks? [closed]

I am curious, what makes www.jsfiddle.net secure from XSS based attacks? They have a support for accounts so clearly any script they run on the browser may do evil things.

Answers:

Answer

If you look at the results pane for a fiddle you'll notice that it's actually an IFRAME pointing to a different domain which means that built in security will kick in which generally prevents access to the parent window.

This fiddle for example : http://jsfiddle.net/jomanlk/y9zCK/

Is actually served by : http://fiddle.jshell.net/jomanlk/y9zCK/show/

Tags

Recent Questions

Top Questions

Home Tags Terms of Service Privacy Policy DMCA Contact Us

©2020 All rights reserved.