by barbaz » Sat Jun 02, 2018 1:34 am
Sandbox means something like "allow the request, but prevent active content from running in the context of the response". This means that Sandbox applied to a top-level document or subdocument would block all active content in that page, as if you had set NoScript's script permissions to block all sites on that page. But Sandbox applied to an image or a JS file wouldn't do anything. The latter case (JS file) is a slightly tricky one. Although the JS file is itself active content, active content in a webpage runs in the context of the webpage, not the individual JS files it calls. So blocking active content from running in the context of the JS file itself won't actually block anything, because there isn't anything to block there.
Does this explanation help?
EDIT oops, GµårÐïåñ beat me to it