A colleague and I are discussing an effort to build/enhance a workspace similar to the "container" that is like the igoogle "workspace" i.e. the page that gadgets run in. From a security standpoint, is it necessary in any way that the workspace itself be cajoled or tamed?
We are starting to think that it wouldn't have to be cajoled or tamed at all, although this wasn't immediately obvious when we were locked into thinking about Caja so much. So long as the gadgets that run within the workspace are sufficiently sandboxed from one another by Caja and not in any way given references to the workspace, it seems that the workspace could have no knoweldge of Caja whatsoever without security impact on the gadgets running within it. Does that make sense? We'd be glad to pay an expert with Caja a nice consulting rate to occasionally bounce questions off of and/or review design artifacts we are producing. If anyone is interested, we should chat about that...
