Restricted Eval
Kris Zyp
kriszyp at xucia.com
Thu Nov 1 13:46:20 PDT 2007
>> It's a sandbox, right? Should be safe. Not so fast:
> last they gave up. rexec was removed from the language. I know of no
Utilizing a sandbox is not a new concept to JavaScript. Browsers create a
sandbox everytime there is a frame from a different domain. With hacks,
these sandboxes can even pass information between each other. Fragment
identifier takes the safer road with string only message passing. Subspace
is another hack that allows real objects to be passed.
Of course the challenge is providing a safer, easier mechanism for
sandboxing with meaningful communication, and providing it at the language
level. I think I am seeing how some of the different aspects of the language
are different parts of putting the puzzle together. But sandboxing itself is
not unexplored territory with JS implementors.
BTW, If only string information was allowed to flow between, this would not
be nearly as difficult, right?
Kris
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.mozilla.org/pipermail/es-discuss/attachments/20071101/30157a37/attachment-0002.html
More information about the Es4-discuss
mailing list