Fearing Facebook JavaScript

August 9, 2007

Neil Mix is running a nice series of posts about potential problems with FBJS, Facebook’s effort to sandbox JavaScript in such a way that developers can safely use it:

“Thus far I’ve found six security holes in FBJS. I’m sure there are many more, it’s just a matter of finding time to find the holes. To Facebook and Marcel’s credit, they are aggressive about fixing the holes that I find. So while I might complain that the approach of sandboxing-plus-code-generation isn’t an acceptably secure strategy, I’m reassured that they take the issue of security seriously.”

I had the honor of working alongside Neil for a short time…several…years ago; Pandora is lucky to have him on board!

One Response to “Fearing Facebook JavaScript”

  1. Neil Mix Says:

    Hi Pete! Nice post. ;) Drop me an email sometime, would love to catch up…

