Hi All, What are the benefits of using “Caja” in an open-social container? Obviously it’s a code sanitizer that help removing “malicious” code that was written by someone I don’t fully trust.
But since “Open Social’’ security architecture based on the browsers cross domain protection, the malicious code does not have access to the container and other applications (IFrame on domain www.my-Apps-Server.com can’t access the document that contains them on www.my-social-network.com) So, Why should I be worried about the stuff the applications developers code does? What attacks can it possibly performs? What am I missing? I would appreciate a well explained answer on this one Thanks in advance, Yaron Avital DiffDoof.com --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Implementing OpenSocial Containers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/opensocial-container?hl=en -~----------~----~----~----~------~----~------~--~---
