Monday, November 20th, 2006
Sandboxing JavaScript with iframes
Dean Edwards is hacking away again. This time he created a sandbox object that allows him to eval code outside of the context of window. His scenario was with templating:

// create an <iframe>
var iframe = document.createElement("iframe");
iframe.style.display = "none";
document.body.appendChild(iframe);

// write a script into the <iframe> and create the sandbox
frames[frames.length - 1].document.write(
  "<script>"+
  "var MSIE/*@cc_on =1@*/;"+ // sniff: IE conditional compilation sets MSIE to 1
  // IE: expose the frame's global object; others: expose a wrapper around the frame's eval
  "parent.sandbox=MSIE?this:{eval:function(s){return eval(s)}}"+
  "<\/script>" // escaped so an enclosing inline <script> is not closed early
);

He then realized that he could use this knowledge for more good, allowing us to finally subclass Array correctly (and not break .length).
Nicely done sir.
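
The frame above is same-origin with the page (its script assigns `parent.sandbox` directly), so it separates scope, not privileges. As an added example that is not from the original post or Dean Edwards' code, here is a variant that uses the HTML `sandbox` attribute and `postMessage` so the evaluated code cannot reach the parent document; `evalInSandbox`, `isReplyFromFrame` and `FRAME_SRCDOC` are hypothetical names, and the page is assumed to be served over http(s).

```javascript
// Added example, not from the original post; all names here are hypothetical.
// Runs inside the frame: eval the code it is sent and post the result back.
const FRAME_SRCDOC = "<script>" +
  "addEventListener('message', function (e) {" +
  "  var out = { id: e.data.id, ok: true };" +
  "  try { out.value = String(eval(e.data.code)); }" +
  "  catch (err) { out.ok = false; out.value = String(err); }" +
  "  e.source.postMessage(out, e.origin);" +
  "});" +
  "<\/script>";

// A frame sandboxed without allow-same-origin has an opaque origin, which is
// serialized as the string "null". Any sandboxed frame can present that value,
// so the identity of the sending window (event.source) is the real check.
function isReplyFromFrame(event, frameWindow, expectedId) {
  const d = event.data;
  return event.source === frameWindow &&
    event.origin === "null" &&
    d !== null && typeof d === "object" &&
    d.id === expectedId &&
    typeof d.ok === "boolean" && typeof d.value === "string";
}

let nextId = 0;
// Evaluate `code` in a throwaway sandboxed frame; resolves with the result as a string.
function evalInSandbox(doc, code) {
  return new Promise(function (resolve, reject) {
    const id = ++nextId;
    const win = doc.defaultView;
    const iframe = doc.createElement("iframe");
    iframe.setAttribute("sandbox", "allow-scripts"); // scripts only, no allow-same-origin
    iframe.style.display = "none";
    iframe.srcdoc = FRAME_SRCDOC;
    function onMessage(event) {
      if (!isReplyFromFrame(event, iframe.contentWindow, id)) return;
      win.removeEventListener("message", onMessage);
      iframe.remove();
      if (event.data.ok) resolve(event.data.value);
      else reject(new Error(event.data.value));
    }
    win.addEventListener("message", onMessage);
    // The opaque origin cannot be named as a target, so "*" is required here.
    iframe.addEventListener("load", function () {
      iframe.contentWindow.postMessage({ id: id, code: code }, "*");
    });
    doc.body.appendChild(iframe);
  });
}
```

In a browser, `evalInSandbox(document, "1 + 2")` resolves with `"3"`; results cross the boundary as strings only, so the caller never receives live objects from the frame.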
well done Dean !!! … but I hope you’re not creating an eval based JavaScript template engine :D
WOW great IDEA!!!!!
most useful scripts this year :P
Weird, I can’t get either of the articles pointed to here on Dean’s site to display, either in Firefox or in IE. I’ve seen this happen before on my own sites, where the css sheets aren’t being served properly by the server, don’t know if that’s what’s happening here or not.
Dean's site is hosted from a PC in his kitchen. Come back in 30 min. or so. He probably got tons of hits when the story broke.
You can also use new ActiveXObject("htmlfile"); in IE instead of an iframe (I know the popup method has been discussed for IE too). A link discussing the ActiveXObject("htmlfile") can be found here: http://alex.dojotoolkit.org/?p=538