Slowparse should be able to report security violations #25

Closed
toolness opened this Issue Apr 27, 2012 · 1 comment

Projects

None yet

1 participant

@toolness

Webpagemaker mandates that users can't include JS in their HTML. It's likely that other sites might prohibit the use of JS too.

We should make an optional "plugin" for Slowparse that allows the use of JS to be reported as errors, so that users get instant feedback informing them that what they're writing won't work. We should encourage UIs built on top of Slowparse to also point the user to sandbox sites that do allow the use of JS when users try writing it.

Note that such a plugin should not actually be advertised as a sanitizer; merely a way to provide instant feedback warning that future sanitization by another agent will prevent the user's code from executing when they publish or share it.

I added the plugin in 01a2cef and integrated it into the demo editor in 2b4f2c9. A docco annotation of the plugin's source can be viewed here.

@toolness toolness closed this Apr 27, 2012
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment