This article will be permanently flagged as inappropriate and made unaccessible to everyone. Are you certain this article is inappropriate? Excessive Violence Sexual Content Political / Social
Email Address:
Article Id: WHEBN0017841155 Reproduction Date:
Caja (pronounced )[1] is a Google project and a JavaScript implementation for "virtual iframes" based on the principles of object-capabilities. Caja takes JavaScript (technically, ECMAScript 5 strict mode code), HTML, and CSS input and rewrites it into a safe subset of HTML and CSS, plus a single JavaScript function with no free variables. That means the only way such a function can modify an object is if it is given a reference to the object by the host page. Instead of giving direct references to DOM objects, the host page typically gives references to wrappers that sanitize HTML, proxy URLs, and prevent redirecting the page; this allows Caja to prevent certain phishing attacks, prevent cross-site scripting attacks, and prevent downloading malware. Also, since all rewritten programs run in the same frame, the host page can allow one program to export an object reference to another program; then inter-frame communication is simply method invocation.
The word "caja" is Spanish for "box" or "safe" (as in a bank), the idea being that Caja can safely contain JavaScript programs as well as being a capabilities-based JavaScript.
Caja is currently used by Google in its Orkut,[2] Google Sites,[3] and Google Apps Script[4] products; in 2008 MySpace[5][6] and Yahoo![7] had both deployed a very early version of Caja but later abandoned it.
YouTube, Alphabet Inc., Android (operating system), Software, Apple Inc.
Html, ECMAScript, Json, Python (programming language), Internet Explorer
Google, University of Texas at Austin, HathiTrust, Uniform resource locator, Metadata
Internet, Executable, Computer virus, Spyware, Computer network
Arabic language, Google, English language, French language, Turkey
Object-capability model, Java (programming language), E (programming language), Caja project, Software design
Google, Google Books, JavaScript, YouTube, Cascading Style Sheets
JavaScript, Google, YouTube, ARM architecture, Google Books
JavaScript, Json, Java (programming language), Dojo Toolkit, ECMAScript
ECMAScript, JavaScript, C , Json, Java (programming language)