6/19/2008

ADsafe
ADsafe removes features from JavaScript that are unsafe, that grant uncontrolled access to unsafe browser components, or that contribute to poor code quality. The removed features include:

* Global variables
  o ADsafe's object capability model prohibits the use of most global variables. Limited access to Array, Boolean, Number, String, and Math is allowed.
* this
  o If a method is called as a function, this is bound to the global object. Since ADsafe needs to restrict access to the global object, it must prohibit the use of this in guest code.
* eval
  o The eval function provides access to the global object.
* with statement
  o The with statement modifies the scope chain, making static analysis impossible.
* Dangerous methods and properties: apply, arguments, call, callee, caller, constructor, eval, prototype, unwatch, valueOf, watch
  o Capability leakage can occur with these names in at least some browsers, so use of these names with . notation is prohibited.
* Names starting with _
  o Some browsers have dangerous properties or methods that start with _.
* [ ] subscript operator except when the subscript is a numeric literal
  o Lookup of dynamic properties could provide access to the restricted members. Use the ADSAFE.get and ADSAFE.put methods instead.
* Date and Math.random
  o Access to these sources of non-determinism is restricted in order to make it easier to determine how widgets behave.
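
Several of the restrictions above can be checked by static analysis of guest code. As an added example (not from the original page and not ADsafe's own verifier), the sketch below flags them in a source string; `findViolations`, the sample guest snippets and the argument order shown for ADSAFE.get and ADSAFE.put are assumptions made for illustration.

```javascript
// Added illustration: a simplified static check, not ADsafe's own verifier.
// Assumptions: ES3-era guest code (no regex or template literals) and no scope
// analysis, so the global-variable rule is not checked here.
const BANNED_MEMBERS = new Set(["apply", "arguments", "call", "callee", "caller",
  "constructor", "eval", "prototype", "unwatch", "valueOf", "watch"]);
const BANNED_WORDS = new Set(["this", "eval", "with", "Date"]);
const KEYWORDS = new Set(["return", "typeof", "in", "case", "delete", "void", "new"]);
// Comments, string literals, names, numbers, whitespace, then any single character.
const TOKEN = /\/\/[^\n]*|\/\*[\s\S]*?\*\/|"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'|[A-Za-z_$][\w$]*|\d+(?:\.\d+)?|\s+|[\s\S]/g;

function findViolations(source) {
  // Drop whitespace and comments. String literals stay single tokens, so a
  // banned word that only appears inside string data is not reported.
  const tokens = (source.match(TOKEN) || [])
    .filter(t => !/^\s/.test(t) && !t.startsWith("//") && !t.startsWith("/*"));
  const isName = t => t !== undefined && /^[A-Za-z_$]/.test(t);
  const found = [];
  tokens.forEach((tok, i) => {
    const prev = tokens[i - 1], next = tokens[i + 1], after = tokens[i + 2];
    if (isName(tok)) {
      if (prev === ".") {
        if (BANNED_MEMBERS.has(tok)) found.push("." + tok);
        if (tok === "random" && tokens[i - 2] === "Math") found.push("Math.random");
      } else if (BANNED_WORDS.has(tok)) {
        found.push(tok);
      }
      if (tok.startsWith("_")) found.push("name " + tok);
    } else if (tok === "[") {
      // "[" is a subscript (not an array literal) when it follows a value.
      const subscript = prev === ")" || prev === "]" ||
        (isName(prev) && !KEYWORDS.has(prev));
      const numeric = /^\d/.test(next || "") && after === "]";
      if (subscript && !numeric) found.push("dynamic subscript");
    }
  });
  return found;
}

// Constructed guest snippets (not from the original page).
const GUEST_REJECTED = [
  "var f = widget.constructor;   // banned member name with . notation",
  "var g = widget[name];         // subscript is not a numeric literal",
  "var t = this;",
  "var r = Math.random();",
  "var p = widget._internal;     // name starting with _",
].join("\n");
const GUEST_ACCEPTED = [
  "var first = list[0];          // numeric literal subscript is allowed",
  "var v = ADSAFE.get(widget, name);",
  "ADSAFE.put(widget, name, v + 1);",
].join("\n");

console.log(findViolations(GUEST_REJECTED), findViolations(GUEST_ACCEPTED));
```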