I am trying to use Caja to sandbox users' games, to prevent malicious code
from being run, however when using Caja you us separate host and guest
pages eg. example.com/host and example.com/guest
My concern is that an attacker could simply link to the unsandboxed
example.com/guest, and bypass the sandbox entirely.
Is there any way to protect against this, such as dynamically loading the
html from a string, or blocking direct access to example.com/guest?
You received this message because you are subscribed to the Google Groups
"Google Caja Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email
For more options, visit https://groups.google.com/d/optout.