2010/7/11 Eric Dorman <[email protected]>: > Hello guys, > > Does anyone know if anybody is working on implementing SSL into the > LocalStorage Attribute? > > I think a prototype of SSL built with Javascript would really be cool > to develop. > > Anybody think this is a good idea as well?:/
Jasvir responded to an earlier version of your question at http://groups.google.com/group/google-caja-discuss/browse_thread/thread/35e3c75232c89ecb : I don't think I understand the question. Webstorage apis like localstorage and sessionStorage are exposed via javascript apis. A container using caja can expose access to these api or attenuate access to it. This is called taming. Caja doesn't provide a default taming for webstorage. Is this what you are asking for? If so, I don't understand how SSL fits into your question. The security model for webstorage apis are based on same-origin making them vulnerable to spoofing attacks. This is only partially mitigated by SSL and certainly doesn't help for the use case for which Caja is intended where third party code is being served on the same domain as container code. > Thanks & God Bless, > Eric
