Hi all,

I thought I'd share an update on my mental js work. I have since reduced the parse time of mental and have now added a DOM sandbox that uses ES5 to allow safe manipulation of the DOM. This is so cool because it means that mental can take control of your DOM and then we can choose what we allow. Want to restrict images to same origin? No problem. Want to prevent script nodes from being able to call external resources? No problem :)

There's a cool demo on modsecurity where they have an injection hole and inject mental into the response to prevent harmful XSS: http://www.modsecurity.org/demo/demo-deny-noescape.html?test=%3Cscript%3Ealert%28location%29%3C%2Fscript%3E

I managed to get the parse time of jQuery to a min of 24ms on Chrome; on Firefox it can parse and sandbox jQuery in about 90ms, although there are a couple of problems with the selectors which I need to debug.

Any comments or suggestions are welcome.

Cheers,
Gareth
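The same-origin image restriction mentioned in the message can be pictured with ES5 accessors, as in this added example (not Mental JS code and not from the original post). The names `resolveSameOrigin` and `sandboxImage` are hypothetical, a plain object stands in for the real DOM node, and `pageOrigin` is assumed to be a normalized origin string such as `https://app.example`.

```javascript
'use strict';
// Added illustration, not Mental JS code. All names are hypothetical.

// Resolve `value` against the page origin; return the absolute URL only if
// it stays on that origin, otherwise null. data: and javascript: URLs have
// the opaque origin "null" and are therefore rejected as well.
function resolveSameOrigin(value, pageOrigin) {
  try {
    var url = new URL(String(value), pageOrigin);
    return url.origin === pageOrigin ? url.href : null;
  } catch (e) {
    return null; // unparsable input is treated as disallowed
  }
}

// Build the object sandboxed code receives in place of the real image node.
// Only vetted properties exist on it, and each one is an ES5 accessor.
function sandboxImage(realNode, pageOrigin) {
  var facade = Object.create(null); // no prototype chain to climb
  Object.defineProperty(facade, 'src', {
    enumerable: true,
    get: function () { return realNode.src; },
    set: function (value) {
      // Coerce and resolve once, then store exactly what was checked.
      var href = resolveSameOrigin(value, pageOrigin);
      if (href === null) {
        throw new Error('blocked cross-origin image src');
      }
      realNode.src = href;
    }
  });
  Object.defineProperty(facade, 'alt', {
    enumerable: true,
    get: function () { return realNode.alt; },
    set: function (value) { realNode.alt = String(value); }
  });
  // Frozen: sandboxed code cannot add handlers or redefine the accessors.
  return Object.freeze(facade);
}
```

The policy only holds if sandboxed code never obtains a reference to `realNode` itself, which is why the facade exposes accessors rather than the node.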