Comments on: Firefox javascript sandboxing http://www.thespanner.co.uk/2008/02/22/firefox-javascript-sandboxing/ Javascript blog with messed up syntax inside Thu, 26 Jan 2012 01:38:34 +0000 hourly 1 By: Gareth Heyes http://www.thespanner.co.uk/2008/02/22/firefox-javascript-sandboxing/#comment-1623 Gareth Heyes Mon, 24 Aug 2009 09:38:02 +0000 http://www.thespanner.co.uk/2008/02/22/firefox-javascript-sandboxing/#comment-1623 @dmp I won't say that it is easy but I do think it is possible, the only difficulty I'm having at the moment is the [] syntax. Once I can successfully identify arrays and objects using [] then it should be pretty secure. I've not looked into Narcissus, I guess you need to run that on the server which is one of the downsides, I wanted a client side base solution. @dmp

I won’t say that it is easy but I do think it is possible, the only difficulty I’m having at the moment is the [] syntax. Once I can successfully identify arrays and objects using [] then it should be pretty secure.

I’ve not looked into Narcissus, I guess you need to run that on the server which is one of the downsides, I wanted a client side base solution.

]]> By: dmp http://www.thespanner.co.uk/2008/02/22/firefox-javascript-sandboxing/#comment-1622 dmp Mon, 24 Aug 2009 09:09:47 +0000 http://www.thespanner.co.uk/2008/02/22/firefox-javascript-sandboxing/#comment-1622 Thanks Gareth. I don't believe you can achieve anything secure (while still being useful) using regexps. There simply is too many ways to get back at the window. Have you looked into Narcissus? Thanks Gareth.
I don’t believe you can achieve anything secure (while still being useful) using regexps. There simply is too many ways to get back at the window.
Have you looked into Narcissus?

]]> By: Gareth Heyes http://www.thespanner.co.uk/2008/02/22/firefox-javascript-sandboxing/#comment-1621 Gareth Heyes Sun, 23 Aug 2009 21:39:32 +0000 http://www.thespanner.co.uk/2008/02/22/firefox-javascript-sandboxing/#comment-1621 @dmp Yeah I've moved on from this technique. I now use RegExps to rewrite code into a safe form of javascript, it's still under development but it's getting pretty good http://www.businessinfo.co.uk/labs/jsreg/jsreg.html @dmp

Yeah I’ve moved on from this technique. I now use RegExps to rewrite code into a safe form of javascript, it’s still under development but it’s getting pretty good

http://www.businessinfo.co.uk/labs/jsreg/jsreg.html

]]> By: dmp http://www.thespanner.co.uk/2008/02/22/firefox-javascript-sandboxing/#comment-1620 dmp Sun, 23 Aug 2009 17:21:05 +0000 http://www.thespanner.co.uk/2008/02/22/firefox-javascript-sandboxing/#comment-1620 Can't have your tester run. It always output "SyntaxError: syntax error" whatever you have it swallow. Either way, I'm curious about how you actually prevent access to __parent__ (I don't think preventing "_" is enough). Can’t have your tester run.
It always output “SyntaxError: syntax error” whatever you have it swallow.

Either way, I’m curious about how you actually prevent access to __parent__ (I don’t think preventing “_” is enough).

]]>