| Both sides previous revision
Previous revision
Next revision
|
Previous revision
|
zac [2010/05/07 19:56]
aspectscript |
zac [2010/05/10 15:49] (current)
aspectscript |
| ====== ZAC ====== | ====== ZAC ====== |
| |
| ZAC is a library for access control in JavaScript based on [[/|AspectScript]]. ZAC combines very interesting features: dynamic enforcement of policies, extensible access control specifications, and a finer granularity level in which policies are enforced at the level of objects instead of pages/scripts. Al these features augment the precision of access control policies. | ZAC is a library for access control in JavaScript based on [[/|AspectScript]]. ZAC combines very interesting features: dynamic enforcement of policies, extensible access control specifications, and a fine granularity level in which policies are enforced at the level of objects instead of pages/scripts. All these features augment the precision of access control policies. |
| |
| AspectScript is available [[Download|here]]. The ZAC library can be downloaded from [[http://www.dcc.uchile.cl/~rtoledo/js/zac/ZAC.js|here]]. | ZAC is targeted to sites that want to prevent external code from interfering with their pages. Examples of such sites are iGoogle, My Yahoo, Web mashups, etc. |
| |
| Please visit [[http://www.dcc.uchile.cl/~rtoledo/js/zac/|this page]] to view ZAC in action. You can also interactively try ZAC in this page. Just write some JavaScript code, choose the restrictions you want to enforce and press “Run it!”. The code will be automatically transformed and executed in the interal frame below. The HTML code on the second textarea is also appended to the resulting page, so the JavaScript code can access it. | Below in this page you can try ZAC on-line. Additionally, we provide a Firefox extension that enforce ZAC policies at the client side. Despite not being this the main purpose of ZAC, it turns out to be an interesting application of the approach. |
| | |
| | ======= ZAC extension for Firefox (zac4firefox) ======= |
| | |
| | Download and install instructions for zac4firefox can be found [[zac/z4f|here]]. |
| | |
| | ======= Try ZAC ======= |
| | Please visit [[http://www.dcc.uchile.cl/~rtoledo/js/zac/|this page]] to view ZAC in action. You can also interactively try ZAC in this page. Just write some JavaScript code, choose the restrictions you want to enforce, and press “Run it!”. The code will be automatically transformed and executed in the interal frame below. The HTML code on the second textarea is also appended to the resulting page, so the JavaScript code can access it. |
| | |
| | In the sample code below, the alert function is called in four different ways: (1) a direct call, (2) an indirect call (using delegation), (3) another indirect call (using eval), and (4), a scheduled invocation. The four attempts end with an exeption if the restriction R_ALERT is active. Please notice that an exception is thrown when the first alert is about to be executed, so you will have to incrementally comment the calls to alert in order to test the remaining ones. |
| | |
| | (The exceptions thrown by ZAC can be observed in the "Error Console" of Firefox, or in the console of [[http://getfirebug.com/|Firebug]] if installed.) |
| |
| ======= Type your code in this text area... ======= | |
| <html> | <html> |
| | |
| setTimeout(function(){ | setTimeout(function(){ |
| alert("I'm evil (d)"); | alert("I'm evil (d)"); |
| }, 1000); | }, 500); |
| |
| </textarea> | </textarea> |
| <b>Displaying some alert dialogs!</b> | <b>Displaying some alert dialogs!</b> |
| </textarea> | </textarea> |
| |
| <br> | |
| <div style="text-align: center;"> | |
| <input style="font-size: 14pt;" type="submit" value=" Run it! "> | |
| </div> | |
| |
| <b>Restrictions to enforce: </b><br> | <b>Restrictions to enforce: </b><br> |
| <input type="checkbox" name="restrictions[]" value="R_ZAC_POLICIES">R_ZAC_POLICIES | <input type="checkbox" name="restrictions[]" value="R_ZAC_POLICIES">R_ZAC_POLICIES |
| </p> | </p> |
| | |
| | <br> |
| | <div style="text-align: center;"> |
| | <input style="font-size: 14pt;" type="submit" value=" Run it! "> |
| | </div> |
| |
| </form> | </form> |
| </html> | </html> |
| |
| |
| ======= ... And it will be executed here! ======= | |
| |
| <html> | <html> |
| <iframe name="exec_frame" src="" width="800" height="150"></iframe> | <iframe name="exec_frame" src="" width="800" height="150"></iframe> |
| </html> | </html> |
| | |
| | ======= Download ZAC ======= |
| | |
| | The ZAC library can be downloaded from [[http://www.pleiad.cl/aspectscript/external/zac/zac.js|here]]. ZAC is based on AspectScript, which is available [[Download|here]]. |
| |