Sandboxing JavaScript Using 'iframe'

Dean Edwards has created a Sandbox funtion that allows him to eval code outside the contect of a window. I’ve been experimenting with running code in an iframe and the results are very encouraging. Sandbox.eval() I’m currently developing a templating system in JavaScript and ran into a problem with scope. The problem is that my […]

Share online:

Dean Edwards has created a Sandbox funtion that allows him to eval code outside the contect of a window. I’ve been experimenting with running code in an iframe and the results are very encouraging.

Sandbox.eval()

I’m currently developing a templating system in JavaScript and ran into a problem with scope. The problem is that my template scripts have access to all of the global (window) object’s properties and methods. I don’t want this. I want my template scripts to run in a separate, closed environment. Template scripts shouldn’t be able to address anything in the browser window. This could potentially lead to disaster.
Continue for more info….

sandbox.eval("alert('Hello!')"); // => Hello! try { var goodbye = "Goodbye!"; sandbox.eval("alert(goodbye)"); // => ERROR! } catch (error) { alert("ERROR!"); }

ajaxian

Sandbox, java, javascript, sandboxing

About The Author

Deepak Gupta is a IT & Web Consultant. He is the founder and CEO of diTii.com & DIT Technologies, where he’s engaged in providing Technology Consultancy, Design and Development of Desktop, Web and Mobile applications using various tools and softwares. Sign-up for the Email for daily updates. Google+ Profile.