Computer device and method for selective content isolation

US12399981B2 · US · B2

Patent metadata
Publication number: US-12399981-B2
Application number: US-202218069615-A
Country: US
Kind code: B2
Filing date: Dec 21, 2022
Priority date: Dec 21, 2022
Publication date: Aug 26, 2025
Grant date: Aug 26, 2025

Abstract

Official abstract text for this publication.

In one or more examples, a network proxy agent runs inside an isolated (e.g. sandboxed or virtualized) execution environment and a non-isolated application (e.g., web browser) instance runs outside of the isolated execution environment. The network proxy agent acts as a proxy in the sense that network traffic to and from the application instance is routed through the network proxy agent, and thus via the isolated execution environment. A content access policy is supplied to the content access policy agent, and the content access policy agent enforces the content access policy inside the isolated execution environment in relation to the network traffic. For example, content from a certain resource may be restricted according to the content access policy, in which case content requested from that resource is contained within the isolated environment, and replacement content is served to the non-isolated application instance instead.
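As an added illustration (not code from the patent or its assignee), the sketch below applies a content access policy to resource metadata (domain and content type, as in the claims on this page), returns one of the three statuses the claims name, and for restricted HTML produces replacement content with script removed. The policy entries, function names and placeholder text are assumptions, and the stripper is not a complete HTML sanitizer (javascript: URLs and CSS are left alone).

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed policy, first match wins: (domain, content type or "*", status).
POLICY = [("blocked.example", "*", "blocked"),
          ("trusted.example", "application/octet-stream", "restricted"),
          ("trusted.example", "*", "unrestricted")]
DEFAULT_STATUS = "restricted"  # fail closed: unlisted resources stay isolated

def status_for(url, content_type):
    """Apply the policy to resource metadata: domain and content type."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    for domain, ctype, status in POLICY:
        # Match on a label boundary so nottrusted.example != trusted.example.
        on_domain = host == domain or host.endswith("." + domain)
        if on_domain and ctype in ("*", content_type):
            return status
    return DEFAULT_STATUS

class ScriptStripper(HTMLParser):
    """Re-serialises HTML without <script> elements or on* handler attributes."""
    def __init__(self):
        super().__init__()  # convert_charrefs=True: text arrives decoded
        self.out, self.in_script = [], False
    def handle_starttag(self, tag, attrs):
        self.in_script = tag == "script"
        kept = "".join(' %s="%s"' % (k, html.escape(v or ""))
                       for k, v in attrs if not k.startswith("on"))
        self.out.append("" if self.in_script else "<%s%s>" % (tag, kept))
    handle_startendtag = handle_starttag  # <br/> must not also emit </br>
    def handle_endtag(self, tag):
        self.out.append("" if tag == "script" else "</%s>" % tag)
        self.in_script = False
    def handle_data(self, data):
        self.out.append("" if self.in_script else html.escape(data, quote=False))

def content_for_application(url, content_type, body):
    """Return (status, what may leave the isolated environment)."""
    status = status_for(url, content_type)
    if status != "restricted":
        return status, body if status == "unrestricted" else None
    if content_type != "text/html":
        return status, "[held in isolated environment]"
    stripper = ScriptStripper()
    stripper.feed(body)
    stripper.close()
    return status, "".join(stripper.out)
```

The default of `restricted` means a resource that matches no rule is still served only as replacement content, so a gap in the policy does not become a bypass.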

First claim

Opening claim text (preview).

The invention claimed is:

1. A computer device comprising: a network interface; a memory configured to store computer readable instructions; and a processor coupled to the memory and the network interface, and configured to execute the computer-readable instructions, the computer-readable instructions being configured, upon execution by the processor, to cause the processor to: receive in an isolated execution environment, from an application instance outside of the isolated execution environment, a first request comprising a first content resource identifier; determine based on a content access policy a restricted status of the first content resource identifier; obtain in the isolated execution environment via the network interface first requested content using the first content resource identifier; responsive to determining the restricted status of the first content resource identifier, generate in the isolated execution environment replacement content based on the first requested content; output the replacement content to the application instance; receive from the application instance a second request comprising a second content resource identifier; determine based on the content access policy an unrestricted status of the second content resource identifier; obtain in the isolated execution environment via the network interface second requested content using the second content resource identifier; and responsive to determining the unrestricted status of the second content resource identifier, output the second requested content from the isolated execution environment to the application instance outside of the isolated execution environment.

2. The computer device of claim 1, wherein the computer-readable instructions are configured to cause the processor to render the first requested content within the isolated execution environment, and generate the replacement content based on rendering the first requested content.

3. The computer device of claim 1, wherein the replacement content comprises an image of the first requested content as rendered within the isolated execution environment.

4. The computer device of claim 3, wherein the computer-readable instructions are configured to cause the processor to: receive, from the application instance, an indication of a selected image location within the image, determine, based on the indication of the selected image location, a corresponding action defined in the first requested content, and perform the corresponding action within the isolated execution environment.

5. The computer device of claim 1, wherein the restricted status of the first content resource identifier is determined based on the content access policy applied to first resource metadata about the first content resource identifier.

6. The computer device of claim 1, wherein the first resource metadata comprises at least one of: a domain with which the first content resource identifier is associated, and a content resource type associated the first content resource identifier.

7. The computer device of claim 1, wherein the first requested content is obtained responsive to associating the restricted status with the first content resource identifier.

8. The computer device of claim 1, wherein the unrestricted status of the second requested content resource is determined based on the content access policy applied to second resource metadata about the second requested content resource.

9. The computer device of claim 1, wherein the computer-readable instructions are configured to cause the processor to: receive from the application instance a third request comprising a third content resource identifier; determine based on the content access policy a blocked status of the third content resource identifier; and output to the to the application instance an indication that the third request is blocked.

10. The computer device of claim 1, wherein the isolated execution environment is a sandbox or virtual machine.

11. The computer device of claim 1, wherein the first request is received from a remote device on which the application instance is executed.

12. The computer device of claim 1, wherein the application instance is a first web browser instance operable to run outside of the isolated execution environment.

13. The computer device of claim 12, wherein the computer-readable instructions are configured to cause the processor to execute within the isolated execution environment a second web browser instance configured to receive the first request and determine the restricted status.

14. The computer device according to claim 1, wherein the computer-readable instructions are configured to cause the processor to obtain the content access policy from a policy service using a user authentication token.

15. The computer device of claim 1, wherein the computer-readable instructions are configured to cause the processor to: receive from the application instance an indication of an action pertaining to the first content; and reject the action based on a session policy applied to the first requested content.

16. The computer device of claim 1, wherein the replacement content comprises a modified version of the first requested content modified having a piece of script removed.

17. A computer-readable memory storing computer-readable instructions configured, upon execution by a processor, to cause the processor to: generate a sandbox environment; receive from an application outside of the sandbox environment a first content request comprising a first content identifier; determine based on a content access policy a restricted status of the first content request; obtain in the sandbox environment, from a first content resource outside of the sandbox environment, first content using the first content identifier; responsive to determining the restricted status of the first content request, generate replacement content based on the first content; output the replacement content from the sandbox environment to the application outside of the sandbox environment; receive from the application a second content request comprising a second content identifier; determine based on the content access policy an unrestricted status of the second content request; obtain in the sandbox environment, from a second content resource outside of the sandbox environment, second content using the second content identifier; and responsive to determining the unrestricted status of the second content request, output the second content from the sandbox environment to the application outside of the sandbox environment.

18. The computer-readable memory of claim 17, wherein the replacement content comprises a modified version of the first requested content modified having a piece of script removed.

19. A computer-implemented method comprising: receiving from an application, at a virtual machine isolated from the application, a first content request comprising a first content identifier; determining based on a content access policy a restricted status of the first content request; obtaining in the virtual machine, from a first content resource external to the virtual machine, first content using the first content identifier; responsive to determining the restricted status of the first content request, generating replacement content based on the first content; outputting the replacement content from the virtual machine to the application; receiving at the virtual machine from the application a second content request

Classifications

  • Test or assess software · CPC title

  • Isolation or security of virtual machine instances · CPC title

  • where tasks reside in different layers, e.g. user- and kernel-space · CPC title

  • Hypervisor-specific management and integration aspects · CPC title

  • Entity profiles · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Microsoft Technology Licensing Llc
What technology area does this patent fall under?
Primary CPC classification G06F21/53. Mapped technology areas include Physics.
When was this patent published?
Publication date Aug 26, 2025 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 9 related publications on this page (citations in our corpus or others sharing the same primary CPC).