It seems part of my problem is not using the right pre-cajoled versions of JQuery and JQuery UI.
I am finding now that these versions work: LOG(0) PRECAJOLE_HIT: Using precajoled http://code.jquery.com/jquery-1.8.2.js es53-taming-frame.js?debug=1:35929<https://caja.appspot.com/5643/es53-taming-frame.js?debug=1> LOG(0) PRECAJOLE_HIT: Using precajoled http://code.jquery.com/ui/1.8.23/jquery-ui.js However the page https://developers.google.com/apps-script/guides/html/restrictions#jquery_and_jquery_ui states All recent versions of the jQuery <http://jquery.com/> and jQuery UI<http://jqueryui.com/> libraries are compatible with Caja, but the libraries load faster if you use the versions that Google hosts<https://developers.google.com/speed/libraries/devguide#jquery> : - jQuery: <script src="//ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js"></script> - jQuery UI: <script src="//ajax.googleapis.com/ajax/libs/jqueryui/1.9.1/jquery-ui.min.js"></script> Following the link to https://developers.google.com/speed/libraries/devguide#jquery states that there many versions compatible with Caja. But when I tried one on that list I did not get 'LOG(0) PRECAJOLE_HIT: Using precajoled' but instead many errors reported above. Best, -ken On Tuesday, March 18, 2014 4:25:18 PM UTC+1, Ken Kahn wrote: > > Thanks. Making progress. Now the HTML of the page loads but no scripts. > The console contains > > SES initialization > ses-single-frame.js?debug=1:969<https://caja.appspot.com/5643/ses-single-frame.js?debug=1> > Problem ignored by configuration (Unsafe spec violation): Extending an > array can modify read-only array length > ses-single-frame.js?debug=1:948<https://caja.appspot.com/5643/ses-single-frame.js?debug=1> > Problem ignored by configuration (Unsafe spec violation): SyntaxErrors > aren't always early > ses-single-frame.js?debug=1:948<https://caja.appspot.com/5643/ses-single-frame.js?debug=1> > Repaired: Non-deletable RegExp statics are a global communication channel > ses-single-frame.js?debug=1:948<https://caja.appspot.com/5643/ses-single-frame.js?debug=1> > Repaired: Date.prototype is a global communication channel > ses-single-frame.js?debug=1:948<https://caja.appspot.com/5643/ses-single-frame.js?debug=1> > Not repaired: Eval breaks masking of named functions in non-strict code > ses-single-frame.js?debug=1:948<https://caja.appspot.com/5643/ses-single-frame.js?debug=1> > Not repaired: Extending an array can modify read-only array length > ses-single-frame.js?debug=1:948<https://caja.appspot.com/5643/ses-single-frame.js?debug=1> > Not repaired: [[ThrowTypeError]] has normal function properties > ses-single-frame.js?debug=1:948<https://caja.appspot.com/5643/ses-single-frame.js?debug=1> > Not repaired: SyntaxErrors aren't always early > ses-single-frame.js?debug=1:948<https://caja.appspot.com/5643/ses-single-frame.js?debug=1> > Repaired: Array methods as functions operate on global object > ses-single-frame.js?debug=1:948<https://caja.appspot.com/5643/ses-single-frame.js?debug=1> > Max Severity: Safe spec violation(1). > ses-single-frame.js?debug=1:948<https://caja.appspot.com/5643/ses-single-frame.js?debug=1> > 440 Apparently fine > ses-single-frame.js?debug=1:948<https://caja.appspot.com/5643/ses-single-frame.js?debug=1> > 10 Deleted > ses-single-frame.js?debug=1:948<https://caja.appspot.com/5643/ses-single-frame.js?debug=1> > 1 Skipped > ses-single-frame.js?debug=1:948<https://caja.appspot.com/5643/ses-single-frame.js?debug=1> > Max Severity: Safe spec violation(1). > ses-single-frame.js?debug=1:948<https://caja.appspot.com/5643/ses-single-frame.js?debug=1> > initSES succeeded. > ses-single-frame.js?debug=1:948<https://caja.appspot.com/5643/ses-single-frame.js?debug=1> > Uncaught script error: Error: not loaded in source: " > https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js"; at > line: 1 > ses-single-frame.js?debug=1:26127<https://caja.appspot.com/5643/ses-single-frame.js?debug=1> > Uncaught script error: Error: not loaded in source: " > https://ajax.googleapis.com/ajax/libs/jqueryui/1.10.4/jquery-ui.min.js"; > at line: 1 > ses-single-frame.js?debug=1:26127<https://caja.appspot.com/5643/ses-single-frame.js?debug=1> > Uncaught script error: Error: not loaded in source: " > http://toontalk.appspot.com/js/toontalk.js"; at line: 1 > ses-single-frame.js?debug=1:26127<https://caja.appspot.com/5643/ses-single-frame.js?debug=1> > Uncaught script error: TypeError: Object [object Object] has no method > 'initialise' in source: "http://toontalk.appspot.com/index.html"; at line: > 1 > > I did a test without any of my JavaScript and got the same errors for > JQuery. > > On Tuesday, March 18, 2014 2:54:15 PM UTC, Kevin Reid wrote: >> >> On Tue, Mar 18, 2014 at 3:24 AM, Ken Kahn <[email protected]> wrote: >> >>> Hi. Thanks. >>> >>> I just tried es5Mode: true >>> >>> and I got >>> >>> Uncaught TypeError: undefined is not a function >>> caja.js:247<http://caja.appspot.com/caja.js> >>> >>> It seems that this was caused the lack of an onFailure function in . >>> >>> function initialize(config /*, opt_onSuccess, opt_onFailure */) { >>> >>> which is called with only one argument. >>> >> >> That's kind of a lousy experience, sorry; I've filed an issue >> https://code.google.com/p/google-caja/issues/detail?id=1906 to have a >> better error message in that case. >> >> >>> The err variable contained "ES5 mode requested but browser is >>> unsupported". >>> >> >> Gah. Sorry, I forgot to mention. This is one of those things that is not >> really well-documented since the decision to deprecate ES5/3. >> >> By default SES takes an extremely conservative approach to browser bugs. >> In order to enable Caja when it can be used for safely sandboxing ordinary >> JavaScript (as opposed to some of the more advanced use cases of SES), >> specify this additional option to initialize: >> >> maxAcceptableSeverity: 'NO_KNOWN_EXPLOIT_SPEC_VIOLATION', >> >> What this means is that it will run in the presence of browser bugs which >> are known not to affect Caja's isolation between host and guest code. >> >> >>> By the way, the only reason I added es5Mode: false was advice from >>> https://groups.google.com/forum/#!topic/google-caja-discuss/38tIX-EKEn8but >>> I guess that is a year old now. I thought it was a way to avoid the >>> 'Uncaught >>> Error: SES not supported, aborting taming frame initialization' error. >> >> >> FYI, that "uncaught error" is actually a gimmick to avoid more >> uncontrolled errors occurring in the console. The actual failure report >> from SES is shown in the console in the collapsed group "SES >> initialization". (This is a compromise to provide reasonable debugging >> information without spamming the console whenever startup is _successful_.) >> > -- --- You received this message because you are subscribed to the Google Groups "Google Caja Discuss" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
