Difference between revisions of "Security Domains"
(Created page with "Nitro is a powerful scripting language which is streamable. This, however, means that somebody could potentially write some Nitro and change your scene to their benefit (or, f...") |
(→Unsafe Locations) |
||
| Line 9: | Line 9: | ||
* Only the body and head tags can contain scripts. | * Only the body and head tags can contain scripts. | ||
| − | Let's say you have a chat box. That chat box writes straight to innerHTML when the person hits enter. Let's also say you forgot to escape it - an easy mistake (especially if you'd like people to be able to write HTML anyway - security isn't the first thing that comes to mind). It won't be long until somebody tries to write some scripts. As those scripts are not written straight to the body or head tag, PowerUI will act like they're just not there. As a handy tip if you'd rather not rely on this feature, either write to textContent or use | + | Let's say you have a chat box. That chat box writes straight to innerHTML when the person hits enter. Let's also say you forgot to escape it - an easy mistake (especially if you'd like people to be able to write HTML anyway - security isn't the first thing that comes to mind). It won't be long until somebody tries to write some scripts. As those scripts are not written straight to the body or head tag, PowerUI will act like they're just not there. As a handy tip if you'd rather not rely on this feature, either write to textContent or use Dom.Text.Escape(theString); |
* Hard coded Nitro (like in your Resources folders) is always considered safe. Anything else, such as from the web, will display a "Nitro ignored" warning message. | * Hard coded Nitro (like in your Resources folders) is always considered safe. Anything else, such as from the web, will display a "Nitro ignored" warning message. | ||
Revision as of 16:45, 15 March 2017
Nitro is a powerful scripting language which is streamable. This, however, means that somebody could potentially write some Nitro and change your scene to their benefit (or, for example, give themselves some bonus points).
So, there's a trade-off which we put in your hands. You don't need to worry about this security issue unless you change the settings. That's because, by default, Nitro coming from unsafe locations is entirely disabled.
Unsafe Locations
If the Nitro does not originate from your project, it is considered unsafe:
- Only the body and head tags can contain scripts.
Let's say you have a chat box. That chat box writes straight to innerHTML when the person hits enter. Let's also say you forgot to escape it - an easy mistake (especially if you'd like people to be able to write HTML anyway - security isn't the first thing that comes to mind). It won't be long until somebody tries to write some scripts. As those scripts are not written straight to the body or head tag, PowerUI will act like they're just not there. As a handy tip if you'd rather not rely on this feature, either write to textContent or use Dom.Text.Escape(theString);
- Hard coded Nitro (like in your Resources folders) is always considered safe. Anything else, such as from the web, will display a "Nitro ignored" warning message.
Creating a security domain
You can restrict Nitro's access of certain classes by creating a security domain for a particular document. You can either set it up on either a blacklist or a whitelist basis - i.e. allow everything except for x, or allow only x.
For some guidance, look for the class called UIScriptDomainManager. It's the default (and very liberal) security domain and can be found here in PowerUI 2:
- Source/JavaScript/NitroV1/UIScriptDomainManager.cs
To define a custom security domain, you'll first need to derive from NitroDomainManager like this:
using System;
using Nitro;
public class MySecurityDomain : NitroDomainManager{
public MySecurityDomain(){
// Add a reference to a particular assembly/namespace:
// (The first dot means 'this' assembly)
AddReference(".PowerUI");
// None of the types will be allowed by default.
// You can either manually specify particular types that are allowed:
Allow("HtmlElement");
// Or whitelist all types in all references:
AllowEverything():
// Then block particular ones:
Block("UISecurityDomain");
}
}