When i shared "elfinder", you liked a lot, I hope you like google-caja
Google's Caja project allows mutually untrusting and untrusted web applications to run in the same context and allows them to safely communicate by regular JS function calls and reference passing. It provides tools that rewrite JS/HTML/CSS web applications to enable a wide range of security policies, allowing untrusted third party code to run in environments as dissimilar as social networks and corporate intranets. http://code.google.com/p/google-caja/ http://sites.google.com/site/io/secure-collaboration---how-web-applications-can-share-and-still-be-paranoid I would like propose integration with web2py in future
