As an administrator, you can enable security for non-trusted widgets. Commonly known as sandboxing
, this security mechanism prevents the widget from sending malicious code to the end user's host system by wrapping the widget in a secure iFrame within a different subdomain to isolate them from other widgets on the page..
Only widgets that comply with the iWidget Specification Version 1.0
can be sandboxed.
and HTML Markup
widgets, you cannot be sure that the code used through the widget has been tested thoroughly. In these cases, a risk exists because you cannot guarantee that scripts that users write for the widgets are not sending malicious code to the end user's host system, for example by grabbing cookies or modifying DOM nodes. As an administrator, you can take the necessary steps to prevent this risk by enabling security and sandboxing these widgets.
From a business user's point of view, non-trusted widgets behave exactly the same as trusted widgets on a page. The main difference between non-trusted and trusted widgets is what happens in the background. In Mashup Center, when you add a non-trusted widget to a page, Mashup Center wraps the widget inside of a secure iFrame. This prevents the widget from sending any malicious code to the host system.
When business users access widgets from a global palette, they cannot change the sandboxing flag. They can only change widget status from trusted to non-trusted or from non-trusted to trusted for widgets that they create themselves using the widget builder or non-sandboxed widgets they have added from the catalog. For more information about how business users can change the flag for their own widgets, see ../com.ibm.help.mashups.creator.doc/mash_creator_widgets_trust.html.
Sandboxed widgets currently do not display on the page when using Internet Explorer 6. Users receive an error message. As a workaround, we suggest that clients use a different browser.
For information about sandboxing for widget developers, see ../com.ibm.help.mashups.dev.doc/mash_dev_sandbox.html.
Parent topic: Administering widgets and gadgets