Anyone using IE8 or earlier to browse the web has already been infected with malware, so there is nothing you can do to protect them.
Caja does not support IE8 and earlier. Also, there have been hundreds of bugs fixed since version 3000, all of which are documented on the site, so an attacker could simply look up how to attack you if you deploy that version. On Fri, Jul 26, 2013 at 9:27 PM, Liu Lei <[email protected]> wrote: > thanks, I findd the answer from another , issue 6241043! new caja version > has fixed it。 > > sorry, I forget to supply the version。I use the caja version 3000, I know > it is a very old version,but, I test it ok even in ie6 。 > I work china taobao of alibaba, 10% of users use ie6,so,we must support it。 > > I take notice of the newest caja version is 5000+, well then , do 5000+ caja > version supports ie old version browser ?if not, I can only update my code > base of caja version 3000。 > > > 在 2013年7月27日星期六UTC+8上午12时42分53秒,Kevin Reid写道: >> >> On Fri, Jul 26, 2013 at 12:33 AM, Liu Lei <[email protected]> wrote: >>> >>> when str is a string, it is ok,but when str is a Date Object, >>> >>> >>> if (ttype === 'object') { >>> var ctor = directConstructor(t); >>> if (ctor === BASE_OBJECT_CONSTRUCTOR) { >>> f = untameCajaRecord(t); >>> } else { >>> throw new TypeError( >>> 'Untaming of guest constructed objects unsupported: ' + t); >>> } >>> } else if (ttype === 'function') { >>> f = untameCajaFunction(t); >>> } >> >> >> It looks like you have a very, very old version of Caja. This code is from >> January 2012, and indeed does not support passing Date objects out of the >> taming membrane. >> >> You should always use the latest version of Caja in order to ensure >> security, and in this case upgrading will fix this problem. >> >> You should also update your call to use the latest API: >> >> frame.content('', bareJS, 'text/javascript') >> .api({ >> alert: frame.tame(frame.markFunction(function(str){ >> alert(str); >> })) >> }) >> .run(); >> >> Note that the addition of frame.tame(); this is now required. Note that >> the additional environment is provided separately from run(). >> >> Note also that I have removed .contentCajoled(). While this is still >> supported, it is inferior in performance to the new ES5 mode which does not >> need any cajoling step, and takes unprocessed JS/HTML directly. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "Google Caja Discuss" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > > -- Mike Stay - [email protected] http://www.cs.auckland.ac.nz/~mike http://reperiendi.wordpress.com -- --- You received this message because you are subscribed to the Google Groups "Google Caja Discuss" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
