Paradigm | object-capability |
---|---|
Designed by | Douglas Crockford |
First appeared | 2007[1] |
Influenced by | |
Javascript | |
Influenced | |
Caja project |
ADsafe is an object-capability subset of Javascript. From the project's home page[1]:
ADsafe makes it safe to put guest code (such as third party scripted advertising or widgets) on a web page. ADsafe defines a subset of JavaScript that is powerful enough to allow guest code to perform valuable interactions, while at the same time preventing malicious or accidental damage or intrusion. The ADsafe subset can be verified mechanically by tools like JSLint so that no human inspection is necessary to review guest code for safety.
ADsafe is significant for being a relatively simple object-capability subset language. Unlike Caja, another system for sandboxing Javascript code, ADsafe does not do source-to-source rewriting of Javascript, but uses a source code verifier.
References
edit- ^ Early post about JSLint's ADsafe feature to the caplet mailing list, Douglas Crockford, 2007/09/30, retrieved 2009/11/21.