Well, I've been musing about how to pull in Caja for ... since I
started working on php shindig; however, I've yet to come up with a
good answer to that problem.
There are some java bridges that exist for PHP, but the chance that
all php shindig consumers will be happy with running & depending on
those is very slim (plus that solution has a commercial fee attached
to it), so that doesn't seem like a good solution.
The other solution we've discussed before is google (or anyone)
hosting a web based service that you could feed html/js etc. to, but
from a performance / load point of view this seems far from ideal
too. Maybe if it was a standalone downloadable program that people
could run locally it -might- work, but keep in mind that in a lot of
situations where php shindig is used, the knowledge on how to deploy &
scale java apps is likely to be quite low to nonexistent (talking
averages here).
The last possible solution, as Gonzalo pointed out, is to port Caja to
PHP. However, we would definitely need some very dedicated people to
step up to the plate for that (who also understand all the
complexities that are involved with Caja & the security issues), so I
wouldn't give that a high chance of success either... But I'm happy to
be proven wrong though if anyone feels inclined :)
I'm hoping we'll find some creative way to make it work though. If you
count the current sandboxes too, there's some ~ 140 mil end users that
(will- &) have their open social experience through php shindig, not
as massive an amount as the java version yet, but a non-negligible
amount either.
-- Chris
On Aug 15, 2008, at 8:47 PM, Brian Eaton wrote:
Ugh.
We need a way for PHP to depend on Caja, or we need to get
gadgets.util.sanitizeHtml pulled out of the opensocial spec, or we
need to accept that PHP Shindig will never implement that function.
For now we can probably make the implementation of
gadgets.util.sanitizeHtml dependent on the presence of the Caja HTML
sanitization code.
On Fri, Aug 15, 2008 at 11:41 AM, Chris Chabot <[EMAIL PROTECTED]>
wrote:
I built an 'ignore anything that starts with res://' into the feature
parsing a while ago already (back then it was the caja changes that
made php shindig upset), so the changes don't cause the world to burn
directly.
However the file won't be included by php shindig either, so please
keep that in mind before building something that depends on it,
otherwise you could break quite a few social sites :)
On Aug 15, 2008, at 8:22 PM, Josh Landin wrote:
I agree.
On 8/15/08, Kevin Brown <[EMAIL PROTECTED]> wrote:
Requiring PHP users to build, download, and manage a jar (not to
mention adding the code to deal with it to the PHP build) to get one
javascript file is completely unreasonable.