I want to have developers write some custom apps for a site in Javascript but I want to sandbox it so they can't do anything naughty like redirect the user, set the body display to none etc etc. I have a namespace in Javascript where all the functions they'll ever need exist in there so I was thinking to create a sandbox would be a matter of:
with(Namespace) {
//App code goes here where they can only access Namespace.*
}
How is easy is it to get around this and what other methods can be done? Would rather not have to moderate every submitted app.
To enforce a sandbox, you would have to inspect the code before it is executed, capture any non-legit code and if found, somehow prevent it from running. Very tedious and prone for errors for a long time.
Facebook did this at least in their early platform, I, as a developer, definitely did not enjoy it. They limited the native methods that could be used, and provided limited wrappers around some.
Well, the options to sandbox code at the moment are:
- Google Caja Project
- ADSafe
Both allow you to create a safe environment where the access to the global object and the DOM is restricted.
The primary purpose of these projects is to allow you to safely embed widgets and any web content from third parties.
The first thing that comes to mind is eval
. They can use that to execute custom code outside of the wrapper sandbox. It will be very hard to stop a determined developer by attempting to wrap the code.
Link to the use of eval.