Thanks. Making progress. Now the HTML of the page loads but no scripts. The console contains
SES initialization ses-single-frame.js?debug=1:969<https://caja.appspot.com/5643/ses-single-frame.js?debug=1> Problem ignored by configuration (Unsafe spec violation): Extending an array can modify read-only array length ses-single-frame.js?debug=1:948<https://caja.appspot.com/5643/ses-single-frame.js?debug=1> Problem ignored by configuration (Unsafe spec violation): SyntaxErrors aren't always early ses-single-frame.js?debug=1:948<https://caja.appspot.com/5643/ses-single-frame.js?debug=1> Repaired: Non-deletable RegExp statics are a global communication channel ses-single-frame.js?debug=1:948<https://caja.appspot.com/5643/ses-single-frame.js?debug=1> Repaired: Date.prototype is a global communication channel ses-single-frame.js?debug=1:948<https://caja.appspot.com/5643/ses-single-frame.js?debug=1> Not repaired: Eval breaks masking of named functions in non-strict code ses-single-frame.js?debug=1:948<https://caja.appspot.com/5643/ses-single-frame.js?debug=1> Not repaired: Extending an array can modify read-only array length ses-single-frame.js?debug=1:948<https://caja.appspot.com/5643/ses-single-frame.js?debug=1> Not repaired: [[ThrowTypeError]] has normal function properties ses-single-frame.js?debug=1:948<https://caja.appspot.com/5643/ses-single-frame.js?debug=1> Not repaired: SyntaxErrors aren't always early ses-single-frame.js?debug=1:948<https://caja.appspot.com/5643/ses-single-frame.js?debug=1> Repaired: Array methods as functions operate on global object ses-single-frame.js?debug=1:948<https://caja.appspot.com/5643/ses-single-frame.js?debug=1> Max Severity: Safe spec violation(1). ses-single-frame.js?debug=1:948<https://caja.appspot.com/5643/ses-single-frame.js?debug=1> 440 Apparently fine ses-single-frame.js?debug=1:948<https://caja.appspot.com/5643/ses-single-frame.js?debug=1> 10 Deleted ses-single-frame.js?debug=1:948<https://caja.appspot.com/5643/ses-single-frame.js?debug=1> 1 Skipped ses-single-frame.js?debug=1:948<https://caja.appspot.com/5643/ses-single-frame.js?debug=1> Max Severity: Safe spec violation(1). ses-single-frame.js?debug=1:948<https://caja.appspot.com/5643/ses-single-frame.js?debug=1> initSES succeeded. ses-single-frame.js?debug=1:948<https://caja.appspot.com/5643/ses-single-frame.js?debug=1> Uncaught script error: Error: not loaded in source: " https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js"; at line: 1 ses-single-frame.js?debug=1:26127<https://caja.appspot.com/5643/ses-single-frame.js?debug=1> Uncaught script error: Error: not loaded in source: " https://ajax.googleapis.com/ajax/libs/jqueryui/1.10.4/jquery-ui.min.js"; at line: 1 ses-single-frame.js?debug=1:26127<https://caja.appspot.com/5643/ses-single-frame.js?debug=1> Uncaught script error: Error: not loaded in source: " http://toontalk.appspot.com/js/toontalk.js"; at line: 1 ses-single-frame.js?debug=1:26127<https://caja.appspot.com/5643/ses-single-frame.js?debug=1> Uncaught script error: TypeError: Object [object Object] has no method 'initialise' in source: "http://toontalk.appspot.com/index.html"; at line: 1 I did a test without any of my JavaScript and got the same errors for JQuery. On Tuesday, March 18, 2014 2:54:15 PM UTC, Kevin Reid wrote: > > On Tue, Mar 18, 2014 at 3:24 AM, Ken Kahn <[email protected] <javascript:> > > wrote: > >> Hi. Thanks. >> >> I just tried es5Mode: true >> >> and I got >> >> Uncaught TypeError: undefined is not a function >> caja.js:247<http://caja.appspot.com/caja.js> >> >> It seems that this was caused the lack of an onFailure function in . >> >> function initialize(config /*, opt_onSuccess, opt_onFailure */) { >> >> which is called with only one argument. >> > > That's kind of a lousy experience, sorry; I've filed an issue > https://code.google.com/p/google-caja/issues/detail?id=1906 to have a > better error message in that case. > > >> The err variable contained "ES5 mode requested but browser is >> unsupported". >> > > Gah. Sorry, I forgot to mention. This is one of those things that is not > really well-documented since the decision to deprecate ES5/3. > > By default SES takes an extremely conservative approach to browser bugs. > In order to enable Caja when it can be used for safely sandboxing ordinary > JavaScript (as opposed to some of the more advanced use cases of SES), > specify this additional option to initialize: > > maxAcceptableSeverity: 'NO_KNOWN_EXPLOIT_SPEC_VIOLATION', > > What this means is that it will run in the presence of browser bugs which > are known not to affect Caja's isolation between host and guest code. > > >> By the way, the only reason I added es5Mode: false was advice from >> https://groups.google.com/forum/#!topic/google-caja-discuss/38tIX-EKEn8but I >> guess that is a year old now. I thought it was a way to avoid the 'Uncaught >> Error: SES not supported, aborting taming frame initialization' error. > > > FYI, that "uncaught error" is actually a gimmick to avoid more > uncontrolled errors occurring in the console. The actual failure report > from SES is shown in the console in the collapsed group "SES > initialization". (This is a compromise to provide reasonable debugging > information without spamming the console whenever startup is _successful_.) > -- --- You received this message because you are subscribed to the Google Groups "Google Caja Discuss" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
