I'm coding a JS API that is going to be used by external customers and executed by my customers in their web browsers.
As this is potentially harmful for my web users (security holes etc.), I'd like to allow or disallow access to, at least, the document global variable and others like the XMLHttpRequest API.
How can I do this?
EDIT:
I was thinking of doing things like document = null in a wrapper around the functions the API users write, but it doesn't work. Also, using this kind of approach it is difficult to be thorough, as there are too many workarounds and too many possibilities to take into account.
The Caja Compiler is a tool for making third party HTML, CSS and JavaScript safe to embed in your website. It enables rich interaction between the embedding page and the embedded applications. Caja uses an object-capability security model to allow for a wide range of flexible security policies, so that your website can effectively control what embedded third party code can do with user data.
JavaScript, the programming language of the web browser, is not a secure language. Any script in a page has intimate access to all of the information and relationships of the page. This makes use of mashups and scripted advertising unacceptably risky.
ADsafe makes it safe to put guest code (such as third party scripted advertising or widgets) on a web page. ADsafe defines a subset of JavaScript that is powerful enough to allow guest code to perform valuable interactions, while at the same time preventing malicious or accidental damage or intrusion. The ADsafe subset can be verified mechanically by tools like JSLint so that no human inspection is necessary to review guest code for safety. The ADsafe subset also enforces good coding practices, increasing the likelihood that guest code will run correctly.
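The ADsafe description above turns on one idea: instead of trying to hide globals at runtime (the document = null approach from the question), the host defines a subset of JavaScript and rejects guest code that steps outside it before it ever runs. The toy scanner below is an added example, not code from the question nor from ADsafe, Caja or JSLint, and it is far from a complete verifier; it only illustrates the shape of a mechanical subset check. The forbidden-name lists, the rule against computed member access with a string key, and the two guest snippets are constructed for the example.

```javascript
// Toy allow-list scanner in the spirit of ADsafe's mechanically verified
// subset (added example; not ADsafe, Caja or JSLint code). It walks guest
// source, skips comments and string literals, and reports:
//   - bare identifiers that name host globals the guest must not touch,
//   - "this" outside a member access (at top level it is the global object),
//   - property names that reach the prototype chain,
//   - computed member access with a string key, which could smuggle a
//     forbidden name in as data ("docu" + "ment").
// Real guest code must still be checked with a real verifier; regex
// literals and other syntax are not handled here.

// Constructed lists of names the host does not want guest code to use.
const FORBIDDEN_GLOBALS = new Set([
  "document", "window", "self", "globalThis", "top", "parent", "frames",
  "XMLHttpRequest", "fetch", "eval", "Function",
  "localStorage", "sessionStorage", "indexedDB",
]);
const FORBIDDEN_PROPERTIES = new Set(["constructor", "prototype", "__proto__"]);

// Previous non-whitespace character before index i, or "" at the start.
function prevNonSpace(src, i) {
  let j = i - 1;
  while (j >= 0 && /\s/.test(src[j])) j--;
  return j >= 0 ? src[j] : "";
}

// Returns an array of { line, token, reason } findings; empty means allowed.
function scanGuestCode(src) {
  const findings = [];
  const n = src.length;
  let i = 0, line = 1;
  const report = (token, reason) => findings.push({ line, token, reason });

  while (i < n) {
    const c = src[i];
    if (c === "\n") { line++; i++; continue; }
    if (c === "/" && src[i + 1] === "/") {            // line comment
      while (i < n && src[i] !== "\n") i++;
      continue;
    }
    if (c === "/" && src[i + 1] === "*") {            // block comment
      i += 2;
      while (i < n && !(src[i] === "*" && src[i + 1] === "/")) {
        if (src[i] === "\n") line++;
        i++;
      }
      i += 2;
      continue;
    }
    if (c === '"' || c === "'" || c === "`") {        // string literal
      const quote = c;
      i++;
      while (i < n && src[i] !== quote) {
        if (src[i] === "\\") i++;                     // skip escaped char
        else if (src[i] === "\n") line++;
        i++;
      }
      i++;
      continue;
    }
    if (/[A-Za-z_$]/.test(c)) {                       // identifier/keyword
      let j = i;
      while (j < n && /[A-Za-z0-9_$]/.test(src[j])) j++;
      const ident = src.slice(i, j);
      const isProperty = prevNonSpace(src, i) === ".";
      if (FORBIDDEN_PROPERTIES.has(ident)) {
        report(ident, "reaches the prototype chain");
      } else if (!isProperty && FORBIDDEN_GLOBALS.has(ident)) {
        report(ident, "forbidden host global");
      } else if (!isProperty && ident === "this") {
        report(ident, "\"this\" may resolve to the global object");
      }
      i = j;
      continue;
    }
    if (c === "[") {                                  // computed member access
      let j = i + 1;
      while (j < n && /\s/.test(src[j])) j++;
      if (src[j] === '"' || src[j] === "'" || src[j] === "`") {
        report("[", "computed member access with a string key");
      }
    }
    i++;
  }
  return findings;
}

function isGuestCodeAllowed(src) {
  return scanGuestCode(src).length === 0;
}

// Constructed guest snippets for demonstration.
const GUEST_OK = `
  // stays within the allowed subset
  var total = 0;
  for (var k = 0; k < items.length; k++) { total += items[k].price; }
  widget.render("Total: " + total);
`;
const GUEST_BAD = `
  // reaches for host globals
  var d = document.cookie;           // bare global
  var w = window["docu" + "ment"];   // window is forbidden anyway
  var f = widget["constructor"];     // string key hides a forbidden name
  this.XMLHttpRequest;               // "this" at top level is the global
`;

console.log(isGuestCodeAllowed(GUEST_OK));   // true
console.log(scanGuestCode(GUEST_BAD));       // five findings, lines 3 to 6
```

The point of the scanner is the policy decision it embodies, not its tokenizer: guest code is accepted only if it can be shown to stay inside the subset, and anything the checker cannot classify is rejected rather than waved through. That is the opposite of the runtime approach in the question, where every missed workaround becomes a hole.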