by
codejoust
5320 days ago
How about running the Facebook JavaScript in a sandbox? Such as proxying the document.createElement and document.getElements* methods for the initial script while breaking it for everything else?
mkjones
5320 days ago
That's a good idea, and we actually thought about that. But assuming we need those APIs, what's to keep them from calling our wrappers around them?
Put another way, how do we determine if the caller of some of our js is malicious or is us?
jQueryIsAwesome
5320 days ago
It just needs to be non-predictable. Give the wrapper object and ALL its methods a random name for every session.
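The pattern discussed in this thread, as an added example that is not code from any commenter or from Facebook: capture the real DOM methods, break the public ones, then either publish the wrapper under a random per-session name or, going one step beyond the thread, pass it to the trusted script only as an argument. All function names and the fake `document` object are hypothetical and constructed so the code runs outside a browser.

```javascript
// Web Crypto CSPRNG: global in browsers and recent Node, module fallback otherwise.
const rng = globalThis.crypto ?? require('crypto').webcrypto;

// Constructed stand-in for the browser `document` (assumption, for offline runs).
function makeFakeDocument() {
  return {
    createElement(tag) { return { tagName: tag.toUpperCase() }; },
    getElementsByTagName(tag) { return []; },
  };
}

// Capture the real methods first, then break the public ones for later callers.
function lockDown(doc) {
  const wrapper = Object.freeze({
    createElement: doc.createElement.bind(doc),
    getElementsByTagName: doc.getElementsByTagName.bind(doc),
  });
  for (const name of Object.keys(wrapper)) {
    doc[name] = () => { throw new Error(name + ' is disabled for this caller'); };
  }
  return wrapper;
}

// Variant A (suggested in the thread): random per-session name on the global.
function publishUnderRandomName(globalObj, wrapper) {
  const bytes = rng.getRandomValues(new Uint8Array(16)); // 128 random bits
  const hex = Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
  const name = '_' + hex;
  Object.defineProperty(globalObj, name, { value: wrapper, enumerable: false });
  return name;
}

// Variant B: no name at all; only code that is handed the reference can call it.
function runTrusted(wrapper, trustedInit) {
  return trustedInit(wrapper);
}

// Audit check: is the wrapper stored as an own property of the shared global?
function reachableFromGlobal(globalObj, wrapper) {
  return Object.getOwnPropertyNames(globalObj).some((k) => globalObj[k] === wrapper);
}
```

In variant B the question "is the caller us?" is answered by possession of the reference rather than by knowledge of a name, and the audit check stays false for the shared global.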