From what I understand of the Sandbox action for ABE, it appears to be intended for XSS defence. You block all active content on the landing page so that the injected script can't run.
Would it be feasible to actually integrate this behavior with the XSS filter, so that (optionally) it could block active content when a suspected attack is found, instead of sanitising the request? So, the 'Sanitize cross-site suspicious requests' checkbox would become a pair of radio buttons, where you choose either 'Sanitize request' or 'Deactivate response'.
XSS filtering and Sandbox
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.