google-caja
A source-to-source translator for securing Javascript-based web content
Featured Downloads:
caja-spec-2008-01-15.pdf
Featured Wiki Pages:
GettingStarted

Using Caja, web apps can safely allow scripts in third-party content.

The computer industry has only one significant success in enabling documents to carry active content safely: scripts in web pages. Normal users regularly browse untrusted sites with Javascript turned on. Modulo browser bugs and phishing, they mostly remain safe. But even though web apps build on this success, they fail to provide its power. Web apps generally strip scripts from third-party content, reducing that content to passive data. Examples include webmail, groups, blogs, chat, docs and spreadsheets, wikis, and more.

If scripts were written in an object-capability language, web apps could provide active content safely, simply, and flexibly. Surprisingly, this is possible within existing web standards. Caja represents our discovery that a subset of Javascript is an object-capability language.

AttackVectors

CapabilityUseCases

library

draft rewrite rules (expressed using E's quasi-literals for now)

Draft Caja Spec

Andrea Campi's Online Caja translator

Caja Test Bed applet

ECMAScript-262 Specification