


On January 31st, 2021, we will be archiving the Caja project. After January 31, no new features will be added, pull requests and other issues will no longer be addressed, including patches for security issues, and the repository will be marked as archived. Caja has not been actively maintained or developed to keep up with the latest research on web security. As a result, several security vulnerabilities have been reported to Caja, both by Google’s security engineers and by external researchers.

We encourage users of Caja's HTML and CSS sanitizers to migrate to Closure toolkit, an open source toolkit for JavaScript. Closure is used by applications, including Search, Gmail, Docs and Maps. The Closure library has built-in HTML and CSS sanitizers and provides native support for key security mitigations like Content Security Policy and Trusted Types. Additionally, Closure templates provide a strictly contextual auto-escaping system, which can drastically reduce the risk of XSS in your application.

Try embedding Hello World on your site using the

Caja emulates all the new features of ECMAScript 5, including getters and setters, non-enumerable properties, and read-only properties. New browsers support these features natively, but older browsers still have a significant
Caja emulates these new features on browsers that don't support them natively.

Caja-compiled code is safe to inline directly in a page, so it's easy to put many third-party apps into the same page and allow them to exchange
They can even inherit CSS styles from the host page.

At the same time, the host page is protected from the embedded apps: They can't redirect pages to phishing sites, sniff internal networks or browser history,

Until Caja, website authors that wished to consume data provided by a RESTful service had a dilemma: make their site vulnerable to the author of the JavaScript library that interacts with the service or write their own. With Caja, a service can supply both JSON and JavaScript, and websites can compile the JavaScript using Caja to make it safe to embed in their page.
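
The migration note above credits Closure templates with strictly contextual auto-escaping. As an added illustration (not code from this page or from Closure), the JavaScript below shows the idea in simplified form: a tagged template, given the hypothetical name `safeHtml`, tracks whether each value lands in text, a quoted attribute or a URL attribute, escapes it accordingly, and refuses any other context.

```javascript
// Added example, not Closure's implementation: a simplified contextual escaper.
const HTML_ESC = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const escapeHtml = (s) => String(s).replace(/[&<>"']/g, (c) => HTML_ESC[c]);
const URL_ATTRS = new Set(['href', 'src', 'action', 'formaction']);
// Allow http(s)/mailto, or a URL with no scheme (no ':' before the first / ? #).
const SAFE_URL = /^(?:(?:https?|mailto):|[^:/?#]*(?:[/?#]|$))/i;
// Advance the context tracker over one literal chunk of the template.
function scan(ctx, literal) {
  for (const ch of literal) {
    if (ctx.mode === 'text') {
      if (ch === '<') Object.assign(ctx, { mode: 'tag', tag: '' });
    } else if (ctx.mode === 'tag') {
      if (ch === '>') ctx.mode = /^(script|style)\b/i.test(ctx.tag) ? 'raw' : 'text';
      else if (ch === '"' || ch === "'") {
        const m = /([\w-]+)\s*=\s*$/.exec(ctx.tag);
        Object.assign(ctx, { mode: 'attr', quote: ch, attr: m ? m[1].toLowerCase() : '', value: '' });
      } else ctx.tag += ch;
    } else if (ctx.mode === 'attr') {
      if (ch === ctx.quote) ctx.mode = 'tag'; else ctx.value += ch;
    } else { // 'raw': inside <script> or <style>, wait for the closing tag
      ctx.tag += ch;
      if (/<\/(script|style)$/i.test(ctx.tag)) Object.assign(ctx, { mode: 'tag', tag: '/' });
    }
  }
}
// Choose the escaper from where the value lands; refuse contexts not handled here.
function escapeFor(ctx, value) {
  const v = String(value);
  if (ctx.mode === 'text') return escapeHtml(v);
  if (ctx.mode === 'attr' && !/^(on|style$)/.test(ctx.attr)) {
    if (!URL_ATTRS.has(ctx.attr)) return escapeHtml(v);
    // At the start of a URL the value controls the scheme, so allow-list it.
    if (ctx.value === '') return escapeHtml(SAFE_URL.test(v) ? v : 'about:invalid#blocked');
    return escapeHtml(encodeURIComponent(v)); // later in the URL: one encoded component
  }
  throw new Error(`unsupported context: ${ctx.mode === 'attr' ? ctx.attr : ctx.mode}`);
}
function safeHtml(strings, ...values) {
  const ctx = { mode: 'text', tag: '', attr: '', quote: '', value: '' };
  return strings.reduce((out, lit, i) => {
    scan(ctx, lit);
    if (i >= values.length) return out + lit;
    const escaped = escapeFor(ctx, values[i]);
    if (ctx.mode === 'attr') ctx.value += String(values[i]);
    return out + lit + escaped;
  }, '');
}
// Constructed input: one untrusted string placed in attribute and text context.
console.log(safeHtml`<p title="${'"><b>hi</b>'}">${'"><b>hi</b>'}</p>`);
```

Values placed in unquoted attributes, event-handler or `style` attributes, or inside `<script>` and `<style>` raise an error instead of being escaped with the wrong rules.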
