top | item 30964343

(no title)

I know about CSP and iFrames, but I think they aren't ergonomic enough to be used as mechanisms to restrict deps right?

Iframes need a full web context whilst CSP cant target individual code blocks. For example, I might want my code to be able to do alerts, but I dont want dependency x to be able to.

EDIT: Ah I think thats what you meant by your "code in a sandboxed iframe thing". Fair.

discuss

No comments yet.