My goal is to allow our users to upload custom scripts to extend the
functionality of our existing system. Essentially, at specific trigger
points they can tie in scripts. For those triggers I want to run their
code in caja so I can sandbox it.
I put the generated output from the build into:

    /scripts/external/caja/
        caja.js
    /scripts/external/caja/5687
        ses-single-frame.js
        ses-single-frame.opt.js
        utility-frame.js
        utility-frame.opt.js

I put my custom script here:

    /scripts/application/scripting/
        script.js

The script looks like this:

    (function f(x) {
      return x;
    });

The system has a local endpoint where it can retrieve the scripts they have
configured. Here is a simplified version of the problem I am running into:

    <script type="text/javascript">
      caja.initialize({
        cajaServer: '/scripts/external/caja/',
        maxAcceptableSeverity: 'NO_KNOWN_EXPLOIT_SPEC_VIOLATION',
        debug: true,
        es5Mode: true
      });
      caja.load(undefined, undefined, function (frame) {
        frame.code("/scripts/application/scripting/script.js",
                   'application/javascript')
          .run(function(r) {
            debugger;
          });
      });
    </script>

At this point, the value of r is undefined. I expected to get the
sandboxed function from my custom script.
I was tracing through what is happening, and I got to here:

    Q.when(promise, function (compiledFunc) {
      debugger;
      var result = compiledFunc(imports);
      if (opt_runDone) {
        opt_runDone(result);
      }
    }, function (failure) {
      config.console.log('Failed to load guest content: ' + failure);
    });

In this instance, result is undefined, which makes sense considering my
issue. However, I am reaching the point where my attempts to understand
what is going on are yielding diminishing returns and I am sending up a
flare.
I feel like I am missing one key thing to make this work.
I had originally started going down the path of running my own caja proxy
service but I think from what I understand from previous conversations,
this is not necessary? Maybe it is?
Any help is greatly appreciated.
Thank you,
Ryan