sandbox

I have an application ( http://localhost/MyApp ), where some of the parts are rendered through IFRAMES. These iframed parts has no business with the rest of the application's DOM, so I applied the sandbox attribute. The IFRAME is declared like this: <iframe src="/MyApp/en/html/action?id=1" sandbox="allow-forms allow-scripts" seamless="seamless"></iframe> The iframed page has a button that makes a AJAX call to the same web application, but then rather than a HTTP GET , the browser issues a HTTP OPTIONS that appears as Cancelled , and an error happens: XMLHttpRequest cannot load http://localhost

I have an app in the App Store and I want to test in-app purchases. I followed the steps described on the Apple website but I'm facing some problems. When I try to log in in the iTunes in my application or in Settings/iTunes & App Stores, I receive the error: iTunes account creation not allowed. This Apple ID cannot be used with the iTunes Store at this time. Please try again later I searched the internet but I found nothing about this. It seems like I am the first to encounter this kind of error. Looks like Apple has this poorly documented. Basically, you shouldn't log in with your sandbox

I use In App Payment to sell ingame consumables. After successfull payment I forward the payment receipt to my backend, which validates the receipt with the iTunes payment backend. This works flawlessly in the sandbox environment. Now I submitted my app so it can be approved by the Apple guys and be published in the App Store. Of course I made sure that my backend will be validating the payment receipts with the production environment of the itunes backend, because I expected the Apple guys to test the app in production mode. However, the app was rejected. As a reason I was told that the

I am using create_function to run some user-code at server end. I am looking for any of these two: Is there a way to sanitize the code passed to it to prevent something harmful from executing? Alternately, is there a way to specify this code to be run in a sandboxed environment so that the user can't play around with anything else. Thanks! http://php.net/runkit You could use the tonkenizer to figure out what the code will do, then whitelist certain functions and operations. I think it would end up being very difficult (or impossible) to make it foolproof, especially given PHP's flexibility: $f

I just started to use the Java ScriptEngine to do little extensions to my Application then i noticed that i can import all the java classes in the script and use them without restrictions. Is there a way to specify what classes a script can use? I dont want them to do things like java.lang.System.exit(1); Well, you seem to need to learn about the Java SecurityManager. That's a pretty large topic, you might want to read up on it and then post a more specific question if you have trouble making it work for you. instantsetsuna Use the Java Security Manager. Refer this answer for an example. I

I'm calling [[NSWorkspace sharedWorkspace] launchApplication:path]; From my sandboxed app, and I'm getting this error in the console: 9/5/11 12:23:12.462 PM lsboxd: refusing to spawn < PATH REDACTED > for 21383 - reason -10826 9/5/11 12:23:12.463 PM App: spawn_via_launchd() failed, errno=54 label=[0x0-0x1994993].MYApp path=< PATH REDACTED > flags=0 9/5/11 12:23:12.464 PM App: LSOpenFromURLSpec() returned -10810 for application < PATH REDACTED > (null). In other words, I'm clearly getting blocked by the "Launch Services Sandbox Daemon" (lsboxd) which doesn't think app 1 should be launching app

Bug reported as fixed by Apple, see accepted answer below ... UPDATE MON AUG 23rd 10:00 GMT Although the bug report with apple hasn't been closed yet, it now seems to be working (at least for a couple of us) OK. It could be they have nailed it, or the fix is in testing, and I'll report back when (if) I hear anything more from Apple. UPDATE FRI AUG 20th Just to say I've had an email back from Apple Engineering (21:20 GMT) and they have said: "Thank you for reporting this. We're aware of this issue and are currently working on a fix." So hopefully there will soon be a resolution! [ update to