What's new? | Help | Directory | Sign in
Google
Project Home
  
Downloads
  
Wiki
  
Issues
  
Source
    
Code License: Apache License 2.0
Labels: Google, Javascript, Security, Object-capabilities, Caja, ABAC, POLA, Sanitizing, Mashups
Show all Featured Wiki Pages:
GettingStarted
Links:
Blogs:
Groups:
Join project
Project owners:
  mikesamuel, erights, benlaurie, ihab.awad, metaweta, jasvir, b...@links.org, adriennefelt
Project members:
elsigh, chrohrs, dcoker, nobigdealstyle, johnfargo, mdynin, dirk.balfanz, danfuzz1, lahosken, brunob, pascallouisperez, daniel.e.rabin, llamaguy, gwt.team.dpeterson, goo...@speechcode.com, costa.jason, dglibi...@google.com, zestyping, davidsarah.hopwood, collin.jackson, daw+goo...@taverner.cs.berkeley.edu, tyler.close, felix8a

Using Caja, web apps can safely allow scripts in third party content.

The computer industry has only one significant success enabling documents to carry active content safely: scripts in web pages. Normal users regularly browse untrusted sites with Javascript turned on. Modulo browser bugs and phishing, they mostly remain safe. But even though web apps build on this success, they fail to provide its power. Web apps generally remove scripts from third party content, reducing content to passive data. Examples include webmail, groups, blogs, chat, docs and spreadsheets, wikis, and more.

Were scripts in an object-capability language, web apps could provide active content safely, simply, and flexibly. Surprisingly, this is possible within existing web standards. Caja represents our discovery that a subset of Javascript is an object-capability language.

AttackVectors

CapabilityUseCases

draft rewrite rules

Caja Test Bed applet

ECMAScript-262 Third Edition (ES3) Specification

Talks