Javascript restricts?

Question

Javascript restricts?

Is it possible to limit javascript libraries to the ability to manipulate dom?

im trying to create a system that has a main system with api that can manipulate dom, and then I want to give the opportunity to create third-party scripts, but limit them to api functions only.

+4

javascript dom scripting ajax

ChrisMcKenzie Feb 03 '10 at 4:16

source share

4 answers

CMS · Answer 1 · 2010-02-03T04:40:23+0000

I would recommend you see the Google Caja project.

Caja allows websites to securely embed widgets and any web content from third parties using the "object security model" to provide a wide range of flexible security policies.

Jonathon faust · Answer 2 · 2010-02-03T04:19:53+0000

Not. The global context is the window object, and the window property is document . DOM methods are available from document . Anywhere, anyone can use window .

Sampson · Answer 3 · 2010-02-03T04:20:08+0000

I don’t believe that. You could make it difficult (security through an obscure kind of nonsense), but not impossible.

Ilya volodin · Answer 4 · 2010-02-03T04:21:23+0000

You can override some basic JavaScript functions that redirect all calls to DOM manipulations to your infrastructure. For example, you can override document.getElementById or setAttribute and appendChild. You can even override them as empty functions. However, this is really not a good practice.

Javascript restricts?

More articles: