I think I’ve managed to create a good sandboxing system using same origin policy. The only downside is that it uses new windows to prevent top.location assignments. It works by injecting code into another domain (sandbox.businessinfo.co.uk) and executing the code in the context of that domain and returning the result of the code in the […]