discoverpolew.blogg.se

Browser sandbox









To defend against attacks, a developer needs to mitigate vulnerabilities and add security features to an application. Luckily, on the web, the browser provides many security features. Some are available for developers to opt in, and some are turned on by default to protect users.

Figure: Browser as a sandbox

The idea of a "sandbox"

Modern web browsers are built on the idea of a "sandbox". A sandbox is a security mechanism used to run an application in a restricted environment. Just like the physical sandbox at a playground where kids can create anything they want within the boundary without making a mess elsewhere, application code has the freedom to execute within a restricted environment. For example, JavaScript can add and modify elements on the page but might be restricted from accessing an external JSON file. This is because of a sandbox feature called same-origin.

Why is a sandbox necessary?

Every day, users of the web download arbitrary code and execute it on their computer or phone multiple times. If someone told you "Hey! Download and run this application!", you might pause to think if that application comes from a trusted source, read up on the application vendor, or check reviews carefully. How about when someone sends you a URL saying "check out this blog post"? You would probably click on it without asking questions like "What kind of JavaScript will this site download?". The browser sandbox is the key feature that makes browsing on the web frictionless by making it safer to run arbitrary code.
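The same-origin restriction mentioned above, as an added example that is not part of the original article: a simplified model of when page script may read a fetched resource such as a JSON file. It goes slightly beyond the text by including the `Access-Control-Allow-Origin` opt-in for requests sent without credentials; the function names and sample URLs are constructed for illustration.

```javascript
// Added example: simplified model of the browser's same-origin read check.
// Function names and sample URLs are constructed for illustration.

// An origin is the (scheme, host, port) tuple. URL.origin serializes it and
// drops default ports, so https://a.example and https://a.example:443 match.
function originOf(url) {
  return new URL(url).origin; // "null" for opaque origins such as data: URLs
}

function isSameOrigin(a, b) {
  const oa = originOf(a);
  const ob = originOf(b);
  // Opaque origins never match anything, including another opaque origin.
  if (oa === "null" || ob === "null") return false;
  return oa === ob;
}

// May script on pageUrl read the body of a response fetched from resourceUrl?
// allowOrigin is the response's Access-Control-Allow-Origin value, or null
// when the header is absent. Models a request sent without credentials.
function canReadResponse(pageUrl, resourceUrl, allowOrigin = null) {
  if (isSameOrigin(pageUrl, resourceUrl)) return true;
  if (allowOrigin === null) return false;
  return allowOrigin === "*" || allowOrigin === originOf(pageUrl);
}

// Constructed sample: one page and the JSON files it tries to read.
const page = "https://blog.example/posts/sandbox";
const cases = [
  ["https://blog.example/data/posts.json", null],       // same origin
  ["https://blog.example:443/data/posts.json", null],   // default port, same origin
  ["http://blog.example/data/posts.json", null],        // scheme differs
  ["https://api.blog.example/posts.json", null],        // host differs
  ["https://api.blog.example/posts.json", "https://blog.example"], // server opts in
  ["https://cdn.example/public.json", "*"],             // public resource
];
for (const [resource, acao] of cases) {
  const verdict = canReadResponse(page, resource, acao) ? "readable" : "blocked ";
  console.log(verdict, resource, "ACAO:", acao);
}
```

The scheme, host and port must all match; a subdomain or a switch from `https` to `http` is a different origin, and the response body stays unreadable unless the server opts in.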










