is it possible to restrict javascript libraries from being able to manipu开发者_开发问答late the dom?
im trying to create a system that has a main system with the api which will be able to manipulate the dom and then i want to give the ability to create third party scripts but have them limited to only the api functions.
I would recommend you to give a look to the Google Caja project.
Caja allows websites to safely embed widgets and any web content from third parties using an "object-capability security model" to allow for a wide range of flexible security policies.
No. The global context is the window
object, and a property of window
is the document
. The DOM methods are available from document
. Anywhere, anyone can use window
.
I don't believe so. You could make it difficult (security through obscurity type of nonsense), but not impossible.
You can override some of the core function of the JavaScript, that will redirect all DOM manipulation calls to your framework. For example you could override document.getElementById, or setAttribute and appendChild. You could even override them to be empty functions.
However it's really not a good practice to do so.
精彩评论