views: 50 | answers: 2

I'm building a system that allows multiple third-party plugins/gadgets conforming to the system's API to be run simultaneously on the page.

  1. What is the best practice of securing or isolating these plugins from one another, aside from running them in separate iframes?
  2. Should I design the API so that data fields of these plugins are private (essentially, hidden in their constructor's scope) and can only be read using the appropriate methods, or would this be merely an illusion of security, since a malicious plugin author could overwrite the victim's getter methods in order to fool whatever code uses those methods for something?
+2  A: 

Apps written for Social Networks require this type of security system. You should look at the open source Caja Project.

Rook
+3  A: 

Getters/setters are but one source of problems with attempting to limit JS code amongst many. Some are browser-specific. For example, the second eval argument in Firefox 3.0 would allow you to read the “private” variable directly.

JS simply isn't designed to provide for security boundaries inside a document. If you really need that, as The Rook says, you'll need to look at one of the existing safe-subset or little-language projects such as Caja.

bobince
+1 good call, dynamic code defeats this system.
Rook
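As an added illustration (not code from the question or either answer), the sketch below shows the getter-overwrite problem raised in the question's second point, and how freezing the object's own properties closes that one avenue. The account object, the `render` function and the "lying plugin" are constructed for this example.

```javascript
// Host-side model: `balance` lives in the closure and is readable only
// through getBalance(); no property on the object holds the raw value.
function makeAccount(initial) {
  let balance = initial;
  return {
    getBalance() { return balance; },
    deposit(amount) { balance += amount; }
  };
}

// Same model, but the object's own properties are locked so a plugin that
// shares the page's global scope cannot swap the getter for a lying one.
function makeProtectedAccount(initial) {
  return Object.freeze(makeAccount(initial));
}

// Host code that trusts whatever getBalance() reports (e.g. a widget).
function render(account) {
  return "balance: " + account.getBalance();
}

// Simulated hostile plugin: it cannot read `balance` directly (the closure
// hides it), so it attacks integrity instead by replacing the getter.
function lyingPlugin(account) {
  "use strict"; // in strict mode, writes to a frozen object throw TypeError
  try {
    account.getBalance = () => 999999;
    return "getter replaced";
  } catch (e) {
    return "rejected: " + e.constructor.name;
  }
}

// Runs the plugin against an account built by `factory` and reports what
// the host would then display, plus whether the raw field is reachable.
function demo(factory) {
  const account = factory(100);
  const outcome = lyingPlugin(account);
  return { outcome, rendered: render(account), direct: account.balance };
}

// demo(makeAccount)          -> { outcome: "getter replaced", rendered: "balance: 999999", direct: undefined }
// demo(makeProtectedAccount) -> { outcome: "rejected: TypeError", rendered: "balance: 100", direct: undefined }
```

Freezing protects only the object's own properties; a plugin with full access to the document can still wrap `render`, patch shared prototypes, or use the browser-specific eval tricks bobince mentions, which is why this narrows one avenue rather than creating a real security boundary.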