Like every other developer and their dog, I crash into SO from time to time for answers to questions of Life, the Universe and Everything Else.
The other day I came across a question that had a button I hadn't seen before. The button was below a code snippet, and when I clicked it, the snippet executed against an HTML5 sandboxed iframe inserted in the post.
I found this so AWESOME that I had to search for its origins. And I fell into this Stack Overflow post that explains it all.
When I read how they do it, it reminded me of a recent CodePen podcast where the creators of the site explained how they create a secure environment for the execution of scripts. Basically:
- They use HTML5 sandboxed iframes in order to prevent many forms of malicious attack.
- They render the snippets on an external domain (stacksnippets.net) so that a snippet is never same-origin with the site itself, which keeps it from accessing your logged-in session or cookies.
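
To see how the two measures above work together, here is a small audit function, added as an example and not taken from Stack Overflow or CodePen. It flags iframe configurations where untrusted snippet code could still reach the embedding page. The function name `auditSnippetFrame` and the `forum.example` host are assumptions made up for the illustration; the sandbox tokens are the standard HTML ones.

```javascript
// Added example: audit how a page frames untrusted snippet code.
// `auditSnippetFrame` is a hypothetical helper, not a browser or Stack Overflow API.

// Standard sandbox tokens that hand capabilities back to framed content.
const RISKY_TOKENS = ["allow-top-navigation", "allow-popups-to-escape-sandbox"];

function auditSnippetFrame({ hostUrl, frameUrl, sandbox }) {
  const findings = [];
  const sameOrigin = new URL(hostUrl).origin === new URL(frameUrl).origin;

  // No sandbox attribute at all: the frame runs with normal privileges.
  if (sandbox === null || sandbox === undefined) {
    findings.push("no-sandbox");
    if (sameOrigin) findings.push("same-origin-as-host");
    return findings;
  }

  const tokens = new Set(sandbox.toLowerCase().split(/\s+/).filter(Boolean));

  // Without allow-same-origin the framed document gets an opaque origin,
  // so it cannot read the host's cookies or DOM even if served by the host.
  if (tokens.has("allow-same-origin") && sameOrigin) {
    findings.push("same-origin-as-host");
    // Scripts that keep the host's origin can reach into the parent page
    // and remove the sandbox attribute, which defeats the sandbox.
    if (tokens.has("allow-scripts")) findings.push("sandbox-escapable");
  }
  for (const t of RISKY_TOKENS) if (tokens.has(t)) findings.push(t);
  return findings;
}

// Constructed sample configurations (forum.example is a placeholder host).
const HOST = "https://forum.example/questions/1";
const SAMPLES = {
  separateDomain: { hostUrl: HOST, frameUrl: "https://stacksnippets.net/js", sandbox: "allow-scripts" },
  weak: { hostUrl: HOST, frameUrl: "https://forum.example/run", sandbox: "allow-scripts allow-same-origin" },
  unsandboxed: { hostUrl: HOST, frameUrl: "https://forum.example/run", sandbox: null },
};

for (const [name, cfg] of Object.entries(SAMPLES)) {
  console.log(name, auditSnippetFrame(cfg));
}
```

An empty result means neither problem was found; the separate domain matters because it keeps the frame cross-origin even if a permissive token is added to the sandbox later.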
It's gonna be great to be able to see the results of a snippet without having to copy and paste and save and compile and run on your own computer :-)