I just posted this question on Stack Exchange <http://programmers.stackexchange.com/questions/235008/what-are-security-advantages-of-google-caja-over-using-the-web-worker-api>:

I am currently looking into Google Caja to run user-supplied JS code in the browser and in Node. So far, I understand that, in a browser context, "cajoled code" disallows reading and messing with the window state by running unsafe code through a full-blown parser that gets rid of all kinds of attack vectors, and then safely executing that code in an iframe of the same origin.

However, I am currently working on a solution using HTML5's Worker (see here <http://stackoverflow.com/questions/22506026/how-to-safely-run-user-supplied-javascript-code/22892328#22892328>) and it seems to have the same effect. What does Caja have to offer that Worker does not have, other than the ability to customize security policies? Does it have any additional safety features?

Thank you for your help!
