Sandboxing JavaScript Using 'iframe'

Dean Edwards has created a Sandbox funtion that allows him to eval code outside the contect of a window. I’ve been experimenting with running code in an iframe and the results are very encouraging. Sandbox.eval() I’m currently developing a templating system in JavaScript and ran into a problem with scope. The problem is that my […]

Dean Edwards has created a Sandbox funtion that allows him to eval code outside the contect of a window. I’ve been experimenting with running code in an iframe and the results are very encouraging.

Sandbox.eval()

I’m currently developing a templating system in JavaScript and ran into a problem with scope. The problem is that my template scripts have access to all of the global (window) object’s properties and methods. I don’t want this. I want my template scripts to run in a separate, closed environment. Template scripts shouldn’t be able to address anything in the browser window. This could potentially lead to disaster.
Continue for more info….

sandbox.eval("alert('Hello!')"); // => Hello! try { var goodbye = "Goodbye!"; sandbox.eval("alert(goodbye)"); // => ERROR! } catch (error) { alert("ERROR!"); }

ajaxian

Sandbox, java, javascript, sandboxing