Hello, I am a student of computer science and want to implement a "jail" for JavaScript, or at least gather some information on how one could do that. The idea is not new. Brendan Eich had it before. So the idea is to tell the browser: do not execute JavaScript within this area, although the domain where that code comes from is allowed to execute JavaScript outside such specific areas.

    <html>
    ... here javascript allowed
    <jail id="someHash">
    code here ... no javascript allowed
    </jail id="someHash">
    ...
    </html>

My questions are the following:

1. Are there any plans of implementing stuff like this in Google Chrome or WebKit in general? Please note that there is a difference compared to the approach of Mozilla called Content Security Policy.

2. How difficult would that be? I imagine a procedure like this:

   - parse the HTML document
   - cut out the pieces wrapped by jail tags
   - hand the rest to the JavaScript engine
   - take the output of the engine and reinsert the clipped parts

But what about the "dynamic" part? What if a link element within a jail tag contains code like <a onclick="alert('onClick!')" title="">click me</a>? Would that be invisible to the JavaScript engine because it was not "registered" when it is within a jail tag?

And is there any kind of architecture picture of Chrome/Chromium? I imagine a simple image with the different modules and how they interact.

Thanks a lot.

Mathias Wagner

--
Chromium Developers mailing list: chromium-dev@googlegroups.com
View archives, change email options, or unsubscribe:
http://groups.google.com/group/chromium-dev
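
The question about the inline `onclick` handler, as an added example that is not part of the original post and not Chromium code: a Python audit that lists every script-capable construct found inside the proposed `<jail>` regions, going beyond the post's `onclick` case to cover script elements and `javascript:` URLs. The `<jail>` element is the post's hypothetical tag; `JailAudit`, `audit_jails` and the sample page are assumptions made here, and the id on the closing tag is not checked because Python's `html.parser` does not expose end-tag attributes.

```python
import re
from html.parser import HTMLParser

# Constructed sample page modelled on the post's markup; not from a real site.
SAMPLE = """<html><body>
<script>init()</script>
<jail id="someHash">
  <a onclick="alert('onClick!')" title="">click me</a>
  <script>alert(1)</script>
  <a href=" JavaScript:alert(2)">link</a>
</jail id="someHash">
<img src="logo.png" onload="ready()">
</body></html>"""

URL_ATTRS = {"href", "src", "action", "formaction"}

class JailAudit(HTMLParser):
    """Collect script-capable constructs that appear inside <jail> regions."""
    def __init__(self):
        super().__init__()
        self.depth = 0      # > 0 while inside a (hypothetical) <jail> element
        self.findings = []  # (kind, tag, detail) tuples, in document order

    def handle_starttag(self, tag, attrs):
        if tag == "jail":
            self.depth += 1
            return
        if self.depth == 0:
            return          # outside a jail, script is allowed by design
        if tag == "script":
            self.findings.append(("script-element", tag, ""))
        for name, value in attrs:
            # Over-approximation: drop whitespace/control chars before comparing.
            url = re.sub(r"[\x00-\x20]", "", value or "").lower()
            if name.startswith("on"):
                self.findings.append(("event-handler", tag, name))
            elif name in URL_ATTRS and url.startswith("javascript:"):
                self.findings.append(("javascript-url", tag, name))

    def handle_endtag(self, tag):
        if tag == "jail" and self.depth > 0:
            self.depth -= 1

def audit_jails(html):
    """Return the findings for one HTML document."""
    parser = JailAudit()
    parser.feed(html)
    parser.close()
    return parser.findings
```

On the sample, the handler on the jailed link is reported as an attribute of the `a` element rather than as a script element, so a filter that only cuts out `<script>` blocks would leave it in the markup that gets reinserted.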