My client has a webpage that embeds banner ads from a third party. Occasionally one of these banner ads will include intrusive/malicious javascript, usually creating alerts/popups. He has no way of validating the ads' javascript as the ads are injected by his host. I am wondering if there is a way for him to sandbox the untrusted javascript within the webpage in order to ensure that the banner ads will only do unintrusive things (relatively speaking) like having the monkey dance on a mouseover.
Asked
Active
Viewed 79 times
1
-
Can he control where the ads are placed? – Scimonster Jun 04 '15 at 16:01
-
@Scimonster Yes, he puts placeholders in the webpage that are filled by the host, so he's able to surround these placeholders by iframes etc – Zim-Zam O'Pootertoot Jun 04 '15 at 16:03