Disclosed are examples of systems, apparatus, methods and computer program products for providing a security model for component-based web applications. Documents for a web-based application are received, with the application containing custom components and Application Programming Interface (API) components. A Document Object Model (DOM) is processed corresponding to the web-based application, with the custom and API components modeled in hierarchical form. For each custom component, a key is assigned in accordance with the rules of capability security, accessible custom components are identified for which the custom component can provide the assigned key, a virtual DOM is generated for the custom component with the component and identified accessible custom components being modeled in hierarchical form, and the custom component is prohibited access to all inaccessible custom components.
展开▼
