Simon Willison’s Weblog

Secure mashups with dojox.secure (via) dojox.secure is brilliant and terrifying at the same time. It provides a full featured API for running untrusted JavaScript in a sandbox, by parsing and validating that code against a variant of Douglas Crockford’s ADsafe JavaScript subset. It could be fantastically useful, but it’s difficult to judge how secure this approach really is. 24th September 2008, 4:08 pm

YUI 3.0 Preview Release 1. YUI sandboxing is a really good idea, which cleverly addresses both the need to run multiple versions of the library at once and the complaints about how verbose traditional YUI code can get. 14th August 2008, 10:03 am