by mqzaidi
4701 days ago
Iframe sandboxing is the solution - removing allow-scripts permission will fix this. http://www.html5rocks.com/en/tutorials/security/sandboxed-if... Now it may be argued that genuine Rich HTML ads do need JavaScript, for example, to expand or interact with the page. To me, the solution to this is to limit what sort of JavaScript is allowed to run. We need an mraid.js for the web, which specifies the subset of JavaScript that could be run. I don't think it will happen until there is a major attack. Other than botnets, JavaScript can mess with cookies, steal data, and do a lot of damage.
https://developers.google.com/caja/
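
An added example, not part of either comment above: a small audit of the iframe `sandbox` attribute that mqzaidi's comment refers to, showing what each token hands back to an embedded ad. The function names, the sample ad markup and the `ads.example` URL are constructed for illustration.

```javascript
// Added example: what a given sandbox attribute lets an embedded ad do.
// attr is the raw attribute value, or null when the iframe has no sandbox attribute.
function auditSandbox(attr) {
  if (attr === null || attr === undefined) {
    return { sandboxed: false, scripts: true, sameOrigin: true,
             findings: ["no sandbox attribute: ad runs as an ordinary frame"] };
  }
  // Tokens are space-separated and ASCII case-insensitive.
  const tokens = new Set(attr.toLowerCase().split(/[ \t\n\f\r]+/).filter(Boolean));
  const scripts = tokens.has("allow-scripts");
  const sameOrigin = tokens.has("allow-same-origin");
  const findings = [];
  if (scripts) findings.push("allow-scripts: ad JavaScript executes");
  if (sameOrigin) findings.push("allow-same-origin: frame keeps its real origin (cookies, storage)");
  if (scripts && sameOrigin)
    findings.push("allow-scripts + allow-same-origin: content on the embedder's origin can undo the sandbox");
  if (tokens.has("allow-top-navigation")) findings.push("allow-top-navigation: ad can redirect the whole page");
  if (tokens.has("allow-popups")) findings.push("allow-popups: ad can open new windows");
  return { sandboxed: true, scripts, sameOrigin, findings };
}

// Build the embed for untrusted ad markup. srcdoc keeps the ad inline; with no
// allow-same-origin token the framed document gets an opaque origin.
function buildAdFrame(adHtml, tokens = []) {
  const esc = s => s.replace(/&/g, "&amp;").replace(/"/g, "&quot;");
  return `<iframe sandbox="${esc(tokens.join(" "))}" srcdoc="${esc(adHtml)}"></iframe>`;
}

// Constructed sample ad and three publisher configurations.
const ad = '<a href="https://ads.example/click">Buy</a><script>document.title="x"</script>';
for (const attr of [null, "allow-scripts allow-same-origin", ""]) {
  const r = auditSandbox(attr);
  console.log(JSON.stringify(attr), "->", r.findings.length ? r.findings : ["scripts off, opaque origin"]);
}
console.log(buildAdFrame(ad));
```

An empty `sandbox=""` is the configuration the comment recommends: the markup renders, but the script in the sample ad never runs and the frame cannot read the embedding site's cookies.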