ADsafe: JSLint powered safe JavaScript widget framework for ads and mashups

Douglas Crockford, author of JavaScript: The Good Parts and creator of JS Lint (featured in Episodes #26 and #46), wants to apply his Chuck Norris-style skills to protect the web from rogue widgets and ads.

Logo

ADSafe locks down guest script access to global variables and other page information and provides safe, indirect access to certain items via an ADSAFE object. ADSafe blocks or modifies access to:

  • Global variables - ADsafe’s object capability model prohibits the use of most global variables. Limited access to Array, Boolean, Number, String, and Math is allowed.
  • this - If a method is called as a function, this is bound to the global object. Since ADsafe needs to restrict access to the global object, it must prohibit the use of this in guest code.
  • arguments - Access to the arguments pseudo-array is not allowed.
  • eval - The eval function provides access to the global object.
  • with statement - The with statement modifies the scope chain, making static analysis impossible.
  • Dangerous methods and properties: arguments, callee, caller, constructor, eval, prototype, stack, unwatch, valueOf, and watch - Capability leakage can occur with these names in at least some browsers, so use of these names with . notation is prohibited.
  • Names starting or ending with _ - Some browsers have dangerous properties or methods that have a dangling _.
  • [ ] subscript operator except when the subscript is a positive numeric literal or string literal - Lookup of dynamic properties could provide access to the restricted members. Use the ADSAFE.get and ADSAFE.set methods instead.
  • Date and Math.random - Access to these sources of non-determinism is restricted in order to make it easier to determine how widgets behave.

An example ADSafe widget provides a <div> and enclosed <script> tag that uses the ADSAFE proxy object:

<div id="WIDGETNAME_">
   html markup required by the widget
<script>
ADSAFE.go("WIDGETNAME_", function (dom) {
    "use strict";

// This is where the code for the widget is placed. It can access
// the document through the dom parameter, allowing it indirect
// access to html elements, allowing it to change content, styling,
// and behavior.

});
</script>
</div>

ADSafe also allows loading approved external libraries:

<div id="WIDGETNAME_">
    html markup required by the widget
<script>
ADSAFE.id("WIDGETNAME_");
</script>
<script src="ADsafe approved url"></script>
<script>
ADSAFE.go("WIDGETNAME_", function (dom, lib) {
    "use strict";

// This is where the code for the widget is placed. It can access
// the document through the dom parameter, allowing it indirect
// access to html elements, allowing it to change content, styling,
// and behavior.

// Each library file can give itself a name. This script can access
// the library file as lib.name.

});
</script>
</div>

The source provides additional templates for creating ADSafe library modules and widgets. Be sure and check out the project web site for documentation on the ADSAFE object and other advanced usage.

[Comment on HackerNews]

[Source on GitHub] [Web site]

News Films

Our little film studio focuses on telling developer-centric stories that need to be seen.

Beyond Code: Season 3 / GopherCon 2015

 
0:00 / 0:00