>From the first paragraph, it seems like you simply want no to execute certain scripts at all. I suppose this was not your intention, because if it were, you can simply not put them in a "<script>". So, what was your intention?
☆PhistucK On Tue, Nov 10, 2009 at 14:15, Mathias Wagner <[email protected]>wrote: > Hello, > > I am a student of computer science and want to implement a "jail" for > java-script or at least gather some information how one could do that. > The idea is not new. Brandon Eich had it before. > So the idea is to tell the browser: do not execute java-script within > this area, although the domain where that code comes from is allowed > to execute java-script outside such specific areas. > > <jail id="someHash"> > code here > </jail id="someHash"> > > My questions are the following: > > 1. Are there any plans of implementing stuff like this in Google > Chrome or WebKit in general? Please note that there is a difference > compared to the approach of Mozilla called Content Security Policy. > > 2. How difficult would that be? I imagine a procedure like this: > - parse the HTML Document > - cut out the peaces wrapped by jail tags > - hand the rest to the java-script engine > - take the output of the engine and reinsert the clipped parts > > But what about the "dynamic"part? What if a link element within a jail > tag contains code like <a onclick="alert('onClick!')" title="">click > me</a>? Would that be invisible to the java-script engine because it > was not "registered"? > > Mathias Wagner > > -- > Chromium Discussion mailing list: [email protected] > View archives, change email options, or unsubscribe: > http://groups.google.com/group/chromium-discuss -- Chromium Discussion mailing list: [email protected] View archives, change email options, or unsubscribe: http://groups.google.com/group/chromium-discuss
