3

I want to start some Isolate, which manipulates a specific area in my webpage. To achieve this, I create such an Isolate via the function SpawnDomUri, which is able to access the DomTree. Apparently, some malicious/erroneous Isolate may change the whole webpage, which may not be desirable.

So my question is:

Is it possible to restrict the access of a Dom-Isolate ( which is started via SpawnDomUri ) to a specific Dom-Node ( incl. ShadowRoots )?

Best Regards, Alex

Alex R.
  • 205
  • 1
  • 10
  • Have you had any succes? See also this (my) question: http://stackoverflow.com/questions/24855276/loading-html-in-the-current-dom-and-execute-a-loaded-script – voscausa Jul 21 '14 at 00:17

2 Answers2

1

I don't think this is possible. I once saw an experiment from MS to try and allow this sort of sandboxing; but I don't believe it's something any major browsers have ability to do today.

Most people tend to use iframes to isolate them in this way (rightly or wrongly!).

Danny Tuppeny
  • 40,147
  • 24
  • 151
  • 275
0

The only solution that comes to my mind is to use a non-DOM-Isolate and expose an API on the root isolate that can be accessed by sending messages that only exposes/executes allowed invocations.
This is of course very cumbersome but as Danny said there is no direct support for your requirement.

Günter Zöchbauer
  • 623,577
  • 216
  • 2,003
  • 1,567
  • It should be possible to build a library to abstract the cumbersomeness away. In essence, this is what pNaCl (Native Client) does on Linux. It runs your program in a process that cannot perform any syscalls except reading and writing into a file descriptor it is given access to. Chrome reads the messages, evaluates if what is requested should be permitted, and if so, it performs the syscall. https://en.wikipedia.org/wiki/Seccomp – user7610 May 31 '15 at 09:26
  • There is a lot that is possible, but someone has to implement it ;-) – Günter Zöchbauer May 31 '15 at 09:29
  • 1
    Yep, thats the infamous Turing tarpit. Everything is possible but nothing of interest is easy. At least until we have a lot of building blocks in place. Look at NaCl, what a complicated beast it is and how much people had to work on it for how many years to get it where it is now. Doing web pages is easy only because people spent over a decade and half building web browsers and so on. – user7610 May 31 '15 at 09:39