How to isolate unsecure JavaScript code_问答_开发者

开发者 https://www.devze.com 2022-12-11 02:46 出处：网络

I need to isolate user-written code snippets from each other in javascript. For now the funniest thing i can think of is closures:

function executor() {
        window.alert('Hello!');
        size0 = document.getElementById("load").innerHTML;
        window.alert('zero:' +  size0);
        (function(document){
                // document = {"innerHTML":"empty"};
                window.alert('Hello again!');
                size1 = 开发者_如何学Pythondocument.getElementById("load").innerHTML;
                window.alert('first:' + size1);
                (function(window){
                        size2 = document.getElementById("load").innerHTML;
                        window.alert('Hello now!');
                        window.alert('second:' + size2);
                        // window.alert('second:' +document.getElementById('load').size());
                })("empty");
        })("empty");
}

Is there a better and safer way to do this? Can i close prototype for various things like arrays?

As far as I know the easiest, and best, way to sandbox javascript is via iframes. Here is a blog post that might help.

You could look at Caja from Google. It's designed for running scripts from third parties safely and securely.