This forum is for the discussion of topics related to the Web Sandbox project from Microsoft Live Labs. Use it to interact with the Web Sandbox team, comment on the approach, make suggestions, or just browse other conversations. Note 4/18/2011! This forum has been archived and is no longer active.
August 11, 2010
This update focuses on a few performance issues.
- Only initialize the window once, not for each sandbox instance.
- Fix to work-around WebKit's CSS DOM performance issues (huge performance improvement).
- Fix global stylesheet clean-up.
- Fix to more accurately test that a method is natively implemented versus defined by the Host Page (reduces potential for conflict between the sandbox and outer page).
July 21, 2010
This is a fairly large update to improve support for common web frameworks and libraries. Below highlights a few of the fixes
- Fixes for input elements including
<button type="...">support and IE's
- Added support for
- NamedNodeMaps can access members by member name (similar to the fix for getComputedStyle above).
- Fixed support for cancelling a hyperlinks default action by returning false to the event.
- Executing a regular expression against a regular expression type now works.
- Fixed issues with prototype inheritance. This should fix the extend pattern used by most frameworks.
- Event object fixes including relatedTarget and added custom property support to the event object.
- Support for hasOwnProperty method.
- Default value of calculated opacity is now 1 in all browsers.
- Support for getBoundingClientRect.
- Fixed a dynamic script loading timing issue to support YUI's dynamic loader.
- Support for invoking document.all() as a method in addition to the traditional  notation.
- Fix bug in the scoping of Array.forEach.
- Support for HSL and HSLA colors (passes through to the browser so assumes browser support)
- Support for more CSS3 background properties.
- Support for textContent and getElementsByClassName on browsers that have native support.
- A number of other minor bug fixes.
June 29, 2010
This update focuses on the CSS.
- CSS2 attribute selectors are now parsed.
- RGB and RGBa values are now parsed.
- Rounded corners and box-shadows (including the webkit and mozilla proprietary equivalents) are now enabled.
- In Internet Explorer, all samples are run in the latest browser mode (Sandboxed Canvas not working in IE9 is a known issue).
June 25, 2010
We are working on improving the fidelity of the original document structure. This update includes the following changes:
- We are working on properly supporting the DOM for head elements. This update supports the TITLE, META, and SCRIPT elements. Script elements are properly represented relative to their document location.
- The document
listscollections are now properly supported.
- Line-breaks in TEXTAREA and PRE elements are fixed.
- For the media attribute on LINK and STYLE elements, only sheets that target the screen or all media types are supported. Print stylesheets are on our TODO list.
- Other small bug-fixes in prototype chain handling.
May 25, 2010
Below are some of the highlights:
- Every method by definition exposes its corresponding property.
- Enable Firefox'es funky
if (documennt.all) // return falsetest even though document.all is supported.
- Better support for routing keyboard events to the document.
- Fixes to support JQuery better (still a work in progress).
- Improved inner/outerHTML, regular expression, and mouse positioning support.
- Support for Canvas (requires browser support).
March 1, 2010 - Catching Up!
Over the past few months, we have been quietly updating the Sandbox script. Below highlights some of the more significant changes:
- Lots of bug fixes (e.g., getVarDate, NaN.toString(), regular expression issues, prototype inheritance, styling input elements, and more).
- Added better host integration events (onbeforeqos, onxmlrequest, onerror, onformsubmit, and more). We are working on the host integration documentation.
- Introduced a new isolate policy that matches the IFrame behavior providing full isolation of content from the surrounding page.
- Basic support for the IFrame element. IFrame contents are now generated and encapsulated in their own sandbox.
- Enable support for dynamically loading the sandbox library.
- Huge performance improvements for processing stylesheets and the initial HTML.
Work items and current limitationsThe following items represent work in progress. Consequently until we check them off they could be regarded as current limitations. They are due to our implementation rather than the sandbox architecture.
- The gadget's HTML must be well-formed.
- document.write is partially implemented and not fully debugged.
- The XML proxy allowing gadgets to invoke back-end services is not enabled (now supported!).
- The Dynamic loading of script is unsupported (now supported!).
- Silverlight and Flash objects are unsupported.
- Depending on operations, the performance overhead varies between 1.5 and 4 times.
Should you run into other unexpected surprises we either missed something from the above list or you discovered a bug. Keep us posted.
Web Sandbox available under the Open Source Apache License 2.0Today, we are announcing that we are making much of the source code for the Web Sandbox project available under the Open Source Apache License 2.0.
Since the initial release of Web Sandbox we have received a great deal of feedback from the web security community. We have also been collaborating with a number of customers, partners and the standards communities that would like to adopt the technology when it is ready. Our goal is to achieve widespread adoption of Web Sandbox and to help foster interoperability with complementary technologies like script frameworks.
See the Web Sandbox site for additional licensing details. Thank you for your input to the project so far, and we are excited to continue our collaboration with you.
(Note: While we are using an Apache License, the Web Sandbox project is not sponsored or endorsed by the Apache Software Foundation and is not an ASF project.)
Filtering and SortingUse these options to narrow down the question and discussion list.
- 17931Geno49 Thursday, September 24, 2009 4:58 PM
- 011677Ajit Nayak Tuesday, April 12, 2011 6:15 AM
- 210868Lavinski Monday, March 14, 2011 3:12 AM
- 38093hasp2011 Thursday, March 03, 2011 10:16 AM
- 05507Tba55 Sunday, February 13, 2011 5:03 PM
- 06491Patrick119 Tuesday, January 25, 2011 10:38 PM
- 15627Taemin Kim Thursday, December 30, 2010 8:25 AM
- 06299JB055 Sunday, January 02, 2011 7:19 PM
- 04891Taemin Kim Thursday, December 30, 2010 8:20 AM
- 05885Fabio_Matias Friday, November 26, 2010 4:09 PM
- 05637krishna1986 Thursday, November 25, 2010 6:18 AM
- 16897jmfreier Friday, November 05, 2010 6:59 PM
- 05725jmfreier Friday, November 05, 2010 6:58 PM
- 05573Sikander Mirza Friday, October 29, 2010 2:05 PM
- 06389casatiello Monday, October 25, 2010 1:18 PM
- 07100tmcgladrigan Saturday, October 16, 2010 1:00 AM
- 06788Sudarshan Patil Wednesday, September 29, 2010 12:38 PM
- 06589dirtywindows Tuesday, September 21, 2010 4:26 PM
- 06751IAdeveloper Tuesday, September 14, 2010 2:05 PM
- 39064lharder Monday, February 02, 2009 9:48 PM