by moonboots 5083 days ago
A solution going forward to contain 3rd-party JavaScript is the HTML5 sandbox iframe. This allows declaring a whitelist of permissions 3rd-party code should be granted. Only about 40% of browsers support this feature [1]. For unsupported browsers, the external JavaScript continues working without the security guarantees, so it's no worse than the situation now.

[1] http://caniuse.com/#feat=iframe-sandbox

1 comments

You can get most of the benefit now by registering a separate domain for the frames and taking advantage of the same-origin policy.
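
The two suggestions in this thread combined, as an added example that is not part of either comment: the markup builder takes a permission allowlist for the `sandbox` attribute and refuses a widget served from the embedding page's own origin, so browsers that ignore `sandbox` still fall back to same-origin-policy isolation. The function names and the `*.example` hosts are hypothetical.

```javascript
// Added example; function names and the *.example hosts are hypothetical.
const SANDBOX_TOKENS = new Set([
  "allow-forms", "allow-modals", "allow-popups", "allow-same-origin",
  "allow-scripts", "allow-top-navigation", "allow-downloads", "allow-pointer-lock",
]);

// Escape a value for use inside a double-quoted HTML attribute.
function escapeAttr(value) {
  return value.replace(/&/g, "&amp;").replace(/"/g, "&quot;")
              .replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

// Feature detection: a browser without sandbox support ignores the attribute
// and loads the frame with no restrictions beyond the same-origin policy.
function supportsSandbox(doc) {
  return "sandbox" in doc.createElement("iframe");
}

// Build iframe markup for a third-party widget.
//  - grants is the allowlist of sandbox permissions; [] gives sandbox=""
//    (the most restrictive setting).
//  - The widget must live on a different origin from the embedding page, so
//    browsers without sandbox support still isolate it via the same-origin policy.
function buildSandboxedFrame(hostPageUrl, widgetUrl, grants = []) {
  const host = new URL(hostPageUrl);
  const widget = new URL(widgetUrl);
  if (widget.origin === host.origin) {
    throw new Error("widget shares the page's origin; serve it from a separate domain");
  }
  for (const token of grants) {
    if (!SANDBOX_TOKENS.has(token)) throw new Error(`unknown sandbox token: ${token}`);
  }
  const allow = [...new Set(grants)].sort().join(" ");
  return `<iframe sandbox="${allow}" src="${escapeAttr(widget.href)}"></iframe>`;
}

// Constructed sample input.
console.log(buildSandboxedFrame(
  "https://shop.example/cart",
  "https://widgets.example/like.html?ref=a&b=1",
  ["allow-scripts", "allow-forms"]
));
```

In a browser, `supportsSandbox(document)` tells the page whether the allowlist is actually being enforced or only the separate-origin isolation applies.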