Modern website development is highly dependent on third party code. Its use has allowed many website developers to punch above their weight, and build rich functionality in their websites that they could not have done by themselves. These advantages carry risks since third party code operates with the same privileges as the code written by the website’s developers.
This project examines a method developers can protect their websites from untrustworthy third party code. It is able to mediate access to the most dangerous privileges, work in current and many legacy browsers, and is designed using academically accepted security principles.
This paper starts by exploring web technologies and the problem relating to third party code faced by website developers. It will then introduce the requirements for a potential solution aiming to solve the problem and past academic research in that area. Finally, it will introduce a real solution, implemented as a prototype, than can be used immediately to improve a website’s security.