Revision: 3772
Author: davidsarah.hopwood
Date: Fri Oct 2 10:15:10 2009
Log: Fix URL for Jacaranda.
http://code.google.com/p/google-caja/source/detail?r=3772
Modified:
/wiki/SubsetRelationships.wiki
=======================================
--- /wiki/SubsetRelationships.wiki Tue May 19 00:32:59 2009
+++ /wiki/SubsetRelationships.wiki Fri Oct 2 10:15:10 2009
@@ -22,7 +22,7 @@
* *_S = SimpleSubset_*. The first enemy of security is complexity. Due
to !JavaScript's history, it is needlessly complex. Cajita is approximately
the simplest subset of !JavaScript we could find with no loss of
functionality for new code.
* *_E = EmbeddedEmulation_*. !JavaScript, and therefore Valija, supports
mutable static state, which violates object-capability rules. To support
multiple isolated Valija sandboxes on one web page, we translate Valija to
Cajita so as to emulate this static state in terms of isolated Cajita
object states.
-Among secure !JavaScript variants, [http://www.adsafe.org/ ADsafe],
[http://www.jacaranda.org/jacaranda-spec-0.3.txt Jacaranda], and
[http://www.sitepen.com/blog/2008/08/01/secure-mashups-with-dojoxsecure/
dojox secure] are all designed for a similar degree of support for
NiceNeighbor and SimpleSubset. Rather than translate to ES3R, they instead
take a verification-only approach, which has various engineering benefits
such as zero runtime overhead. However, for ES3R, verification requires
blacklisting rather than whitelisting, which is harder to secure.
+Among secure !JavaScript variants, [http://www.adsafe.org/ ADsafe],
[http://jacaranda.org/ Jacaranda], and
[http://www.sitepen.com/blog/2008/08/01/secure-mashups-with-dojoxsecure/
dojox secure] are all designed for a similar degree of support for
NiceNeighbor and SimpleSubset. Rather than translate to ES3R, they instead
take a verification-only approach, which has various engineering benefits
such as zero runtime overhead. However, for ES3R, verification requires
blacklisting rather than whitelisting, which is harder to secure.
Note that Jacaranda does define a set of static rules for permitting safe
limited use of `this`. A future Cajita may adopt these rules.
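Review bot: The new Jacaranda link in the `+` paragraph points at the site root (`http://jacaranda.org/`) where the old one pointed at a versioned spec file (`jacaranda-spec-0.3.txt`), while the unchanged sentence right after it cites Jacaranda's static rules for limited use of `this`, which a reader would expect to find in that spec. If the spec is still published, consider linking it from that sentence and keeping the site-root link for the project name. The log message "Fix URL for Jacaranda" could also say whether the old URL was dead or had moved, so that dropping the version-pinned reference is recorded as intentional.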