How Does JsFiddle Allow And Execute User-defined JavaScript Without Being Dangerous?

August 20, 2022 Post a Comment

I've been working on a JS library and would like to setup a demo page on Github that allows, for example, users to define their own callbacks and execute commands. I know 'eval()

Solution 1:

jsFiddle executes user scripts on a separate domain, http://fiddle.jshell.net (try it and see).
Therefore, it can't interact with the parent frame and it can't steal cookies.

You can actually do this without a separate server by placing a static page in a separate domain that reads from its querystring in Javascript.
You can communicate back using the page title (and so can the enemy).

Baca Juga

How To Encrypt Data In Javascript And Decrypt In Php?
How To Hide Or Secure Javascript Code From Client Side
How Do I Secure Socket.io?

JavaScript Exercises

How Does JsFiddle Allow And Execute User-defined JavaScript Without Being Dangerous?

Solution 1:

Post a Comment for "How Does JsFiddle Allow And Execute User-defined JavaScript Without Being Dangerous?"