How to limit access to a javascript object?

I was watching a video on making a good javascript application infrastructure. Basically what it said was:

• Your application consists of components
• Components are parts of the page that can act on their own.
• components can be registered into te application.
• upon registration, they get their own sandbox.
• A sandbox is an component's interface to the application core.
• The core is built on top of a javascript library.
• Components only have access to their sandbox, not to other components, nore the core or the underlying library.

Now, what I'd like to make is an application where you can easily make new components. Components have their own part on tha page, their own div in which they can work. And here comes the first part of my question: I want to give these components a copy of the jQuery object, but that has an internal restriction applied so that it can only work inside a certain containing e开发者_如何学运维lement.

The second part is,that even if a component has limited access to the DOM using jquery, it can still access the document. I have tried both setting Window and Document to null, before running my test script, but the browser doesn't allow this. Is there any way that I can truly restrict the possibilities of an object to the methods of 1 object that I pass to it?

You're mis-understanding the point here. The intention isn't "make it 100% imposible for a component to acces anything it shouldn't". The ONLY way to do that is the insanely complicated step that Facebook took which is to parse the JS/HTML code and re-write it to dis-allow certain references, etc. I'm betting it took their dev team 1,000+ hours to do and there are still holes in it.

Basically the intention is to give each component a sandbox to play with and then say "please only use this". The authors then comply with the request.

Your sole other option is iFrames, in which case a component can do whatever it wants and it won't effect anything (assuming you're on a different sub-domain and you provide a parent-window proxy).