As far as i have seen, web2py properly prevents a lot of vulnerabilities, and it could continue doing it. By now it seems sufficient. In practice, the most common place you may need to write in Caja is when creating Opensocial gadgets. Some opensocial containers (such as YAP, Shindig, iGoogle, Code Wiki and Orkut) support Caja. Therefore I said "in future", but it is worth starting to consider it now.
On 5 jul, 16:50, mdipierro <[email protected]> wrote: > will take a look. I never heard of it before. > > On 5 Lug, 07:31, GoldenTiger <[email protected]> wrote: > > > When i shared "elfinder", you liked a lot, > > I hope you like google-caja > > > Google's Caja project allows mutually untrusting and untrusted web > > applications to run in the same context and allows them to safely > > communicate by regular JS function calls and reference passing. It > > provides tools that rewrite JS/HTML/CSS web applications to enable a > > wide range of security policies, allowing untrusted third party code > > to run in environments as dissimilar as social networks and corporate > > intranets. > > >http://code.google.com/p/google-caja/ > > >http://sites.google.com/site/io/secure-collaboration---how-web-applic... > > > I would like propose integration with web2py in future
