Simon Willison’s Weblog

Subscribe
Atom feed for dojoxsecure

1 item tagged “dojoxsecure”

2008

Secure mashups with dojox.secure (via) dojox.secure is brilliant and terrifying at the same time. It provides a full featured API for running untrusted JavaScript in a sandbox, by parsing and validating that code against a variant of Douglas Crockford’s ADsafe JavaScript subset. It could be fantastically useful, but it’s difficult to judge how secure this approach really is.

# 24th September 2008, 4:08 pm / adsafe, dojo, dojox, dojoxsecure, javascript, kriszyp, mashups, sandboxing, security