This chapter will focus on the development of secure models for hosting third-party code or applications on an existing site or container. We will explore currently available tools that provide a sandboxed environment in which to run third-party code on an existing site. Specifically, we will look into two technologies:
Caja (pronounced “ka-ha”)
In addition to these two technologies, we will look at one of today’s most used approaches for sandboxing code, iframes, and what security issues their use introduces.