Caja project

Caja (pronounced /ˈkɑːhɑː/ KAH-hah)[1] is a Google project and a JavaScript implementation for "virtual iframes" based on the principles of object-capabilities. Caja takes JavaScript (technically, ECMAScript 5 strict mode code), HTML, and CSS input and rewrites it into a safe subset of HTML and CSS, plus a single JavaScript function with no free variables. That means the only way such a function can modify an object is if it is given a reference to the object by the host page. Instead of giving direct references to DOM objects, the host page typically gives references to wrappers that sanitize HTML, proxy URLs, and prevent redirecting the page; this allows Caja to prevent certain phishing attacks, prevent cross-site scripting attacks, and prevent downloading malware. Also, since all rewritten programs run in the same frame, the host page can allow one program to export an object reference to another program; then inter-frame communication is simply method invocation.

The word "caja" is Spanish for "box" or "safe" (as in a bank), the idea being that Caja can safely contain JavaScript programs as well as being a capabilities-based JavaScript.

Caja is currently used by Google in its Google Sites[2] and Google Apps Script[3] products; in 2008 MySpace[4][5] and Yahoo![6] and Allianz had both deployed a very early version of Caja but later abandoned it.

See also

References

  1. ^ Note about pronunciation, October 2007.
  2. ^ Insert custom HTML, CSS, and Javascript, retrieved 2012/04/16
  3. ^ Html Service: Caja Sanitization 2013/06/28, retrieved 2013/07/25
  4. ^ MySpace: Caja JavaScript scrubbing ready for prime time, 2008/02/04, retrieved 2008/06/08
  5. ^ Tim Oren's Due Diligence: Web 2.0 Investors: Pay Attention To Caja, 2008/04/11, retrieved 2008/06/08
  6. ^ OpenSocial API Blog: Launched: Yahoo!'s First Implementation of OpenSocial Support, 2008/10/28, retrieved 2008/11/15

External links

Caja

Caja (meaning "box" in Spanish) can refer to:

Caja or caixa, a Spanish savings bank similar to a credit union

Caja project, a Google security-project for "virtual iframes"

Caja del Rio, a mesa in New Mexico, USA

Caja vallenata, a drum similar to a tambora

Caja China, see Nochebuena

Caja, the official file manager for the MATE desktop environment

Cajita

Cajita may refer to:

Eschweilera mexicana, a species of woody plant only found in Mexico

Cajita (instrument), a Latin percussion instrument in which a little box is opened and closed

A subset of the JavaScript programming language based on the principles of object-capabilities, see Caja project

Concepts
OS kernels
Programming languages
Filesystems
Specialised hardware
Dialects
Engines
(comparison)
Frameworks
People
Other
Overview
Advertising
Communication
Software
Platforms
Hardware
Development
tools
Publishing
Search
(timeline)
Events
People
Other
Related

This page is based on a Wikipedia article written by authors (here).
Text is available under the CC BY-SA 3.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.