Sandboxing JavaScript with iframes

Written by on November 20th, 2006 in Ajax News.

Dean Edwards is hacking away again. This time he created a sandbox object that allows him to eval code outside of the context of window. His scenario was with templating:

// create an <iframe>
var iframe = document.createElement("iframe");
iframe.style.display = "none";
document.body.appendChild(iframe);

// write a script into the <iframe> and create the sandbox
frames[frames.length - 1].document.write(
        "<script>"+
        "var MSIE/*@cc_on =1@*/;"+ // sniff
        "parent.sandbox=MSIE?this:{eval:function(s){return eval(s)}}"+
        "<\/script>"
);
 

He then realized that he could use this knowledge for more good, allowing us to finally subclass Array correctly (and not break .length).

Nicely done sir.
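
An added example, not Dean Edwards's code: it uses Node's vm module as a stand-in for the hidden iframe so the behaviour can be run outside a browser. The names createSandbox, demo and host are hypothetical. It shows that the second context has its own Array that can be extended without touching the host's, and that evaluated code can still write to the host through parent, so the isolation covers globals only.

```javascript
// Added illustration: Node's vm module stands in for the hidden <iframe>.
const vm = require('vm');

// Returns an object shaped like the page's sandbox: { eval(s) }.
// `host` models the iframe's `parent` reference (an assumption of this sketch).
function createSandbox(host) {
  const context = vm.createContext({ parent: host });
  return { eval: (s) => vm.runInContext(s, context) };
}

function demo() {
  const host = { secret: 'host-data' }; // constructed sample value
  const sandbox = createSandbox(host);

  // The new context has its own Array; extending it leaves the host's alone.
  const Array2 = sandbox.eval('Array');
  sandbox.eval('Array.prototype.last = function () { return this[this.length - 1]; }');
  const list = new Array2(1, 2, 3);
  list[5] = 'x'; // index writes still update .length, as on any native array

  // Evaluated code can still write to the host through `parent`.
  sandbox.eval('parent.secret = "changed by sandboxed code"');

  return {
    sameConstructor: Array2 === Array,
    length: list.length,
    last: list.last(),
    hostPolluted: 'last' in Array.prototype,
    instanceOfHostArray: list instanceof Array, // cross-context check fails
    isArray: Array.isArray(list),               // realm-independent check
    hostSecret: host.secret,
  };
}

console.log(demo());
```

Code that validates input with instanceof Array will reject arrays created this way; Array.isArray is the check that holds across contexts.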

Source: Ajaxian
Original Article: http://ajaxian.com/archives/sandboxing-javascript-with-iframes
