funsec mailing list archives

Re: JavaScript: A Tool, A Weapon

From: B Potter <gdead () shmoo com>
Date: Sat, 5 Jan 2008 09:01:30 -0500


On Jan 5, 2008, at 3:36 AM, coderman wrote:

On Jan 4, 2008 1:24 PM,  <Valdis.Kletnieks () vt edu> wrote:

...
I was whining about the Javascript sandbox being basicallybusticated...


the trick is to use a bigger sandbox.  virtual machines for browser
appliances with distinct sessions and address space is good thing;
just heavy weight at the moment...

There are other interesting ways to solve some JS problems. If youhaven't already, you might want to take a look at Google's Caja project.


http://code.google.com/p/google-caja/

Basically, it's capabilities-based JavaScript that can be implementedwith the existing JS language.


later

bruce
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

JavaScript: A Tool, A Weapon Paul Ferguson (Jan 03)
- Re: JavaScript: A Tool, A Weapon silky (Jan 04)
  - Re: JavaScript: A Tool, A Weapon Valdis . Kletnieks (Jan 04)
    - Re: JavaScript: A Tool, A Weapon coderman (Jan 05)
    - Re: JavaScript: A Tool, A Weapon B Potter (Jan 05)
  - RE: JavaScript: A Tool, A Weapon Hubbard, Dan (Jan 04)
- Re: JavaScript: A Tool, A Weapon Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jan 05)
- <Possible follow-ups>
- Re: JavaScript: A Tool, A Weapon Paul Ferguson (Jan 05)
  - Re: JavaScript: A Tool, A Weapon Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jan 05)