I am rather amazed by the potential power that Caja has to offer; however, I cannot find a clear explanation of the execution or communication models.
From what I understand so far, in the old version you have to run a server that runs the Cajole Java process to convert unsafe Javascript to safe Javascript. Caja.js then emulates a local run-time environment, using an iframe, to run the safe code sent back by the server. The newer version has a cajoler available in Javascript.

Now here are my questions:

1. Is my description somewhat accurate? Could it be that the pure Javascript implementation can only do SES for now?

2. Is it recommended to simply use the given Caja service (at https://caja.appspot.com/) for all my cajoling needs? Or can I somehow set up my own service, and if so, how? This documentation page <https://code.google.com/p/google-caja/wiki/CajaCajole> only explains how to run things locally. I cannot even find the server in the code. Also, that very page is deprecated and it sends us to the official Caja documentation <https://developers.google.com/caja/> site, which does not mention anything about how to run the cajoler at all.

3. From what I can gather in the code base, the SES compiler is available in Javascript, but I cannot find documentation on how to use it. Am I blind? Can you maybe link me to the relevant page or some SES API documentation?

4. A more philosophical question: Are you guys planning on porting to Node.js yet? The best relevant match on this group is this thread <https://groups.google.com/forum/#!searchin/google-caja-discuss/node.js/google-caja-discuss/KktHM_kiHCk/5LsvGYgF04oJ> from 2012. However, that's probably not too interesting for Google's internal use, for now?

Either way, I hope that Caja will influence the standard to pay more attention to security checking and policy settings!

Thank you for all your help!

-Domi
