Comments on: Microsoft Live Labs Web Sandbox

By: Tchvil

Tchvil — Fri, 30 Jan 2009 15:56:52 +0000

You may have a look at another approach to call APIs. No applets, no Flash or Silverlight. Just a simple web page, some javascript and another domain.
http://beebole.com/blog/general/sandbox-your-cross-domain-jsonp-to-improve-mashup-security/

By: Jeria

Jeria — Fri, 24 Oct 2008 10:39:51 +0000

Nice trick to get developers to install Silverlight on their machines ;)

By: Mikael Bergkvist

Mikael Bergkvist — Fri, 24 Oct 2008 01:01:42 +0000

So this isn’t just a trick to get people to use Silverlight then? :-)

By: Siteexperts

Siteexperts — Thu, 23 Oct 2008 21:56:08 +0000

Dion – Thanks for sharing our project.

fatlotus: That is a great question. I believe IFrames are often misunderstood.

To briefly summarize, IFrames have a few disadvantages. First, they are an isolation mechanism, not a proper security solution. Content in IFrames can compromise a page via bad code, trying to install add-ons, redirecting, and click-jacking.

Now, even if IFrames addressed those concerns, the isolation creates additional challenges. The code cannot easily integrate with the outer page (styles don’t inherit, communication is hard, etc).

Last, IFrames assume a rigid model. Over time, the more interesting extensibility scenarios are not going to be restricted to boxes. They are going to be about sites themselves exposing APIs that can be safely extended by third-parties.

We need a model that converges the benefits of IFrame isolation without the restrictions. Exploring this challenge is one of the goals of the Web Sandbox project.

For more details, I suggest reading the overview documentation on our web sandbox site.

Scott Isaacs (Microsoft)

By: fatlotus

fatlotus — Thu, 23 Oct 2008 21:08:40 +0000

Correction:

What happened to just using an iframe with an external source?

By: fatlotus

fatlotus — Thu, 23 Oct 2008 21:08:03 +0000

What happened to just using an with an external source?