Paid Advertising
web application security lab

Live Labs Web Sandbox

This post has been sitting in my to-post-about file for ages. I don’t know why it took me this long since thankfully, it’s one of the few things that I don’t actually have to research to post about (which is rare for me, actually). Anyway, almost exactly a year ago the Microsoft Live Labs group came to me and asked me to check out their web sandbox. Unlike Content Restrictions which is browser specific and still not available publicly, Live Labs tries to solve the problem of allowing rich user content by way of an API that blocks all known bad inputs.

It was written, in large part, by Scott Isaacs, who was one of the original guys who worked on the JavaScript engine within IE - so he knows what’s he’s talking about. The upside is that I wasn’t able (in the admittedly small amount of time I looked at it) to get around the filter. It may be possible to do, especially as technology changes, but it certainly wasn’t straight forward. I’m sure the Live Labs team would love feedback if someone was able to. The down side is that this is an API that you must send your data through. So it’s not on-page entirely, as it must go through a filter that they’ve developed server-side. If you can get around that one barrier, it’s a pretty slick little tool. I’m sure they’d appreciate feedback.

One Response to “Live Labs Web Sandbox”

  1. dusoft Says:

    I am getting this on Firefox:

    Connection Interrupted
    The connection to the server was reset while the page was loading.
    The network link was interrupted while negotiating a connection. Please try again.