Microsoft Web Sandbox Goes Open Source

Posted by Alin Irimie on January 29, 2009

We talked before about Microsoft’s Web Sandbox here. Web Sandbox uses a common technique called “virtualization”: instead of being executed directly in the browser, the JavaScript code is executed in the “sandbox” first. The sandbox runs in any modern browser: IE7/8, Firefox 2/3, Chrome, Opera. It does this by injecting a layer between the HTML page (with its CSS, JavaScript, etc.) and the browser. This virtualized layer transforms the code into an “executable” entity that will run in the sandbox. The sandbox then checks for security issues by running the scripts.

Just the other day, Microsoft made much of the source code for the Web Sandbox project available under the open source Apache License 2.0. (The Web Sandbox project is not sponsored or endorsed by the Apache Software Foundation and is not an ASF project.)

You can track the latest changes in the discussion forum.

Mashup Security - Web Sandbox

Posted by Alin Irimie on November 06, 2008

Web Sandbox is a project from Microsoft Live Labs, a group focused on Internet technologies. It tries to solve a problem all Web 2.0 sites have: mashup security. A mashup is when you include a third-party script in your page, for example maps, which take almost no effort to include on your website.

Web Sandbox uses a common technique called “virtualization”: instead of being executed directly in the browser, the JavaScript code is executed in the “sandbox” first. The sandbox runs in any modern browser: IE7/8, Firefox 2/3, Chrome, Opera.

It injects a layer between the HTML page (with its CSS, JavaScript, etc.) and the browser. This virtualized layer transforms the code into an “executable” entity that will run in the sandbox. The sandbox then checks for security issues by running the scripts.

The intercepting layer is inserted through a code transformation. By default this transformation executes server side. Alternatively, when Silverlight is installed, the transformation could also execute client-side, thus saving the round-trip to the server.
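
The intercepting layer described above, sketched as an added example in modern JavaScript; it is not Web Sandbox code and does not show how Microsoft's transformer works. `POLICY`, `virtualize`, `transform` and `runGuest` are hypothetical names, the host object is constructed sample data, and the transformation is reduced to rebinding `document` to a policy-checking proxy.

```javascript
"use strict";
// Added illustration, not Web Sandbox source; every name here is hypothetical.
// Constructed policy: host properties the guest script may read or write.
const POLICY = { document: { read: ["title"], write: ["title"] } };

// Intercepting layer: the guest never holds the host object, only a proxy
// whose traps check each access against the policy and record the decision.
function virtualize(name, host, audit) {
  const rule = POLICY[name];
  const check = (op, prop, list) => {
    const ok = typeof prop === "string" && list.includes(prop);
    audit.push(`${ok ? "allow" : "deny"} ${op} ${name}.${String(prop)}`);
    return ok;
  };
  return new Proxy(Object.create(null), {
    get(_t, prop) {
      if (!check("get", prop, rule.read)) return undefined;
      const value = host[prop];
      // Only primitives cross the boundary, so no raw host object leaks out.
      return Object(value) === value ? undefined : value;
    },
    // Returning false makes a strict-mode assignment throw TypeError.
    set: (_t, prop, value) =>
      check("set", prop, rule.write) && Reflect.set(host, prop, value),
    has: (_t, prop) => rule.read.includes(prop),
    defineProperty: () => false,
    deleteProperty: () => false,
  });
}

// Stand-in for the code transformation: the guest source becomes a
// strict-mode function whose `document` is the virtual object. Shadowing
// identifiers like this does not by itself contain hostile code.
function transform(src) {
  return new Function("document", "window", `"use strict";\n${src}`);
}

function runGuest(src, hostDocument) {
  const audit = [];
  const vdoc = virtualize("document", hostDocument, audit);
  let result, error = null;
  try { result = transform(src)(vdoc, undefined); }
  catch (e) { error = e.name; }
  return { result, error, audit };
}

// Constructed host page state and guest script for the demo.
const host = { title: "Home", cookie: "sid=constructed" };
console.log(runGuest('document.title = "Map"; return document.cookie;', host));
```
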

Check it out: http://websandbox.livelabs.com/