Another sandboxing technology; I still need to download the code and study it.
A source-to-source translator for securing Javascript-based web content
http://code.google.com/p/google-caja/
See also this fellow's article: http://mikewest.org/2008/12/some-thoughts-regarding-caja
The following is from: http://developer.yahoo.com/yap/guide/caja-support.html#what-is-caja
Caja has two main parts:
- server-side translator
- client-side runtime support
The Server-Side Translator
The Caja translator rewrites arbitrary HTML and JavaScript into safe HTML and JavaScript, using white-list security principles, by
- Removing anything it doesn't understand
- Removing HTML and CSS that isn't on a white-list
- Modifying CSS rules, limiting them to a sandbox
- Transforming JavaScript into forms known to be safe
The JavaScript transformation is the complicated part. It's basically a form of virtualization:
- Replaces references to real global variables with references to per-sandbox globals
- Rewrites references to `this` to prevent access to the real global scope
- Replaces most JavaScript code with semantically similar code that has runtime checks for security
- Rejects some JavaScript code early, such as `with(obj){...}`.
Here's an example transformation. This JavaScript source code:
```javascript
size = 3;
function arf(geo, out) {
  var s4 = geo.compute(4 * size);
  var s5 = geo.compute(5 * size);
  out.value = (s4+s5)/2;
  return this;
};
```
is cajoled into something like this:
```javascript
$v.so('arf', (function () {
  function arf$_caller($dis, geo, out) {
    var s4 = $v.cm(geo, 'compute', [ 4 * $v.ro('size') ]);
    var s5 = $v.cm(geo, 'compute', [ 5 * $v.ro('size') ]);
    $v.s(out, 'value', (s4+s5)/2);
    return $dis;
  }
  ___.markFuncOnly(arf$_caller, 'arf$_caller');
  return $v.dis(___.primFreeze(arf$_caller), 'arf');
})());
$v.so('size', 3);
```
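To make the virtualization concrete, here is an added example (my own code, not Caja's runtime and not from the Yahoo page) of a toy `$v` / `___` object that the cajoled output above can run against unchanged. The hook names `$v.so`, `$v.ro`, `$v.cm`, `$v.s`, `$v.dis`, `___.markFuncOnly` and `___.primFreeze` are taken from the cajoled code; what each one enforces (a prototype-less per-sandbox global table, a forbidden-property-name list, substituting `undefined` for a global-object receiver) is my assumption about the minimum a sound runtime must do, not Caja's actual implementation. The `geo` and `out` objects are constructed test inputs.

```javascript
// Added example, not Caja's own runtime: a toy "$v" / "___" that gives the
// cajoled output above something to execute against. Hook names come from the
// page; the policies inside them are assumptions for illustration.

function makeSandbox() {
  // Per-sandbox globals live in a prototype-less object, so `size = 3` never
  // reaches the real global object and lookups cannot walk up to Object.prototype.
  const globals = Object.create(null);

  // Property names a sandboxed program is never allowed to name (assumed policy).
  const FORBIDDEN = new Set(['__proto__', 'constructor', 'prototype', 'caller', 'callee', 'arguments']);
  function checkName(name) {
    if (typeof name !== 'string' || FORBIDDEN.has(name) || name.endsWith('__')) {
      throw new Error('sandbox: access to property "' + String(name) + '" denied');
    }
  }
  function checkObject(obj) {
    if (obj === null || obj === undefined || obj === globalThis) {
      throw new TypeError('sandbox: cannot touch properties of ' + String(obj));
    }
  }

  const funcOnly = new WeakSet(); // functions marked "callable, not constructible"

  const $v = {
    // so = "set outer": assign a sandbox global.
    so(name, value) { checkName(name); globals[name] = value; return value; },
    // ro = "read outer": read a sandbox global; an unknown name fails loudly
    // instead of silently falling back to the real global scope.
    ro(name) {
      checkName(name);
      if (!(name in globals)) throw new ReferenceError('sandbox: ' + name + ' is not defined');
      return globals[name];
    },
    // cm = "call method": obj.name(...args) with the property name checked first.
    cm(obj, name, args) {
      checkObject(obj); checkName(name);
      const fn = obj[name];
      if (typeof fn !== 'function') throw new TypeError('sandbox: ' + name + ' is not a function');
      return fn.apply(obj, args);
    },
    // s = "set": obj.name = value with the property name checked first.
    s(obj, name, value) { checkObject(obj); checkName(name); obj[name] = value; return value; },
    // dis = wrap a translated function so its receiver arrives as an explicit
    // $dis argument; a call whose `this` is the real global object gets undefined.
    dis(fn, name) {
      const wrapper = function (...args) {
        const dis = (this === globalThis) ? undefined : this;
        return fn(dis, ...args);
      };
      Object.defineProperty(wrapper, 'name', { value: name });
      return Object.freeze(wrapper);
    },
  };

  const ___ = {
    markFuncOnly(fn, name) { funcOnly.add(fn); return fn; },
    isFuncOnly(fn) { return funcOnly.has(fn); },
    primFreeze(obj) { return Object.freeze(obj); },
  };

  return { $v, ___, globals };
}

// Runs the page's cajoled output unchanged against the toy runtime and reports
// what a caller can observe. `geo` and `out` are constructed by the caller.
function runCajoledExample(geo, out) {
  const { $v, ___, globals } = makeSandbox();

  // --- cajoled code from the page, verbatim ---
  $v.so('arf', (function () {
    function arf$_caller($dis, geo, out) {
      var s4 = $v.cm(geo, 'compute', [ 4 * $v.ro('size') ]);
      var s5 = $v.cm(geo, 'compute', [ 5 * $v.ro('size') ]);
      $v.s(out, 'value', (s4+s5)/2);
      return $dis;
    }
    ___.markFuncOnly(arf$_caller, 'arf$_caller');
    return $v.dis(___.primFreeze(arf$_caller), 'arf');
  })());
  $v.so('size', 3);
  // --- end of cajoled code ---

  const arf = $v.ro('arf');
  const receiver = {};
  const withReceiver = arf.call(receiver, geo, out); // `this` is an ordinary object
  const bare = arf(geo, out);                        // `this` is global or undefined
  return {
    value: out.value,                 // (4*3*k + 5*3*k)/2 for compute(x) = k*x
    sandboxSize: globals.size,        // the sandbox saw `size = 3`
    realGlobalSize: globalThis.size,  // the real global object did not
    returnsReceiver: withReceiver === receiver,
    bareCallReturnsUndefined: bare === undefined, // `return this` cannot leak the global object
  };
}

// Shows a check firing: a write to __proto__ through the runtime is refused,
// so sandboxed code cannot reach Object.prototype via $v.s.
function protoWriteIsRejected() {
  const { $v } = makeSandbox();
  try {
    $v.s({}, '__proto__', { polluted: true });
    return false;
  } catch (e) {
    return ({}).polluted === undefined;
  }
}
```

With `compute(x) = 2 * x`, the cajoled `arf` stores 27 in `out.value`, `size` exists only in the sandbox's own global table, and `return this` yields the explicit receiver or `undefined`, never the host's global object.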