Microsoft releases Web Sandbox under open source

Microsoft has made source code for its Live Labs Web Sandbox project for securing Web content through isolation available via open source under the Apache License 2.0, according to a report this week on Microsoft’s Port 25 site.

Web Sandbox features technology for mashing up code while maintaining process isolation, quality of service protection, and security. It is intended to address a problem in which Web gadgets, mashup components, advertisements, and other third-party content on Web sites either will run full trust alongside content or are isolated inside of IFrames. This results in many Web applications being intrinsically insecure with unpredictable service quality.

Since announcing the technology preview at Professional Developer Conference 2008 in Los Angeles in October, Microsoft has open-sourced the Web Sandbox framework and is partnering with industry leaders to evolve Web Sandbox into an industry-wide solution, Microsoft said.

Microsoft is looking for developers to experiment with Web Sandbox, even including samples so developers can try to break the Sandbox.

“Since the initial release of Web Sandbox we have received a great deal of feedback from the Web security community. We have also been collaborating with a number of customers, partners, and the standards communities that would like to adopt the technology when it is ready. Our goal is to achieve widespread adoption of Web Sandbox and to help foster interoperability with complementary technologies like script frameworks,” Microsoft Live Labs said on its Web Sandbox Web page.

Although Microsoft is using an Apache license for the project, it is not sponsored or endorsed by the Apache Software Foundation, Microsoft said. The company last year became a sponsor of the foundation.

Web Sandbox builds upon Microsoft’s experience with DHTML, Windows, Windows Live Web-based gadgets, and the Microsoft BrowserShield project, which leverages JavaScript virtualization through rewriting.