2014-07-27 18:14 GMT+02:00 Mark S. Miller <erig...@google.com>: > Although there is some interesting work in trying to obtain security > relevant guarantees from a script that isn't first, where a malicious > script may instead have been first (link please if anyone has it), this > work did not seem practical to me. >
Not sure if this is what you had in mind, but Sergio Maffeis has been working on something along these lines: DefensiveJS (DJS) http://www.defensivejs.com "DJS is a defensive subset of JavaScript: code in this subset runs independently of the rest of the JavaScript environment. When propertly wrapped, DJS code can run safely on untrusted pages and keep secrets such as decryption keys." Cheers, Tom
_______________________________________________ es-discuss mailing list es-discuss@mozilla.org https://mail.mozilla.org/listinfo/es-discuss