PageName Summary + Labels Changed ChangedBy
Debugging How to debug Caja applications 2 days ago westbr...@google.com  
FinallySkipped finally blocks can fail to execute in one script block and control still proceed to another. Dec 04 mikesamuel  
AttackVectors Interpreter & Browser properties that can be exploited to escalate privileges. Dec 04 mikesamuel
WhatsMissing What JavaScript constructs are proposed for EcmaScript or commonly used, and absent from Valija? Dec 01 erights  
SourcesOfNonDeterminism Document the sources of non-determinism in JavaScript. Nov 30 jasvir
TableOfContents documentation outline for docreader Nov 21 erights  
UrlPolicy specifies which URLs untrusted code can fetch, and in what contexts. Nov 13 jasvir  
UserAgentContext A way for the Cajoler to take the user agent into account to reduce download size Nov 11 mikesamuel
GlobalObjectPoisoning passing any object cross-frame gives access to global definitions. Nov 02 mikesamuel  
HistoryMining User browsing history can leak through visited link styles Oct 30 davidsarah.hopwood  
RunningCaja How to install Caja and run it from the command line. Oct 21 jasvir  
Motivation Why use Caja? Oct 21 jasvir  
CajaCajole "Cajoling" is what we call the process of turning Caja input into JavaScript. Oct 21 jasvir  
ContributingCode How to contribute code to Caja Oct 21 jasvir
GettingStarted Resources for end-users using Caja Oct 21 jasvir
Containers Containers using Caja Oct 21 jasvir  
SecurityAdvisories All our security advisories (latest first). Oct 20 davidsarah.hopwood  
RedirectWithoutUserAction Frames can redirect other frames Oct 20 jasvir  
PhishingViaCrossSiteHttpAuth An attacker can display an HTTP authorization dialog that looks like it may have come from another site Oct 20 jasvir  
SecurityAdvisory19Oct2009 Security Advisory 19 October 2009 Oct 19 mikesamuel  
LibraryTaming How to tame libraries. Oct 19 jasvir  
JsControlFormatChars Oct 09 mikesamuel  
NiceNeighbor How Cajita coexists with untranslated JavaScript Oct 07 erights  
CajitaValues Taxonomy of Cajita Values. Oct 02 erights  
SubsetRelationships Relationships of Cajita, Valija, and various versions of JavaScript Oct 02 davidsarah.hopwood  
ObjectProperties How caja.js protects access to properties Sep 25 mikesamuel  
CajaHostingModules How to host Caja modules Sep 25 mikesamuel  
Performance Performance of cajoled code   Draft Sep 16 jasvir  
UrlFetchingSideChannel Side-channels from unproxied connections leak information across closed networks Sep 10 mikesamuel  
JavaScript The dialects of JavaScript used by the Caja project. Aug 05 erights  
GlobalScopeViaThis `this` is often bound to the global scope. Aug 05 erights  
SecurityAdvisory20090707 Security Advisory 7 July 2009 Jul 31 metaweta  
SecurityAdvisory20090623 Security Advisory 29 Jun 2009 Jul 31 b...@links.org  
FlashBridge Using the Flash bridge.   flash Jul 24 metaweta  
CajaOverview Overview of the Caja system Jul 17 metaweta  
CajaLexicon Loose definitions for some of the core terminology that will facilitate getting up to speed with Caja Jun 23 ptwobrussell  
ErrorExposesParameterValues The stack property of Error includes parameter values. May 2009 davidsarah.hopwood  
CatchBlocksScopeBleed catch blocks don't always introduce a new scope. May 2009 davidsarah.hopwood  
InnocentCodeRewriter A minimal JavaScript to JavaScript translator for innocent code Apr 2009 erights  
StringObfuscationIsEasy regular expressions cannot match bad code without unacceptable false positives Apr 2009 mikesamuel  
CssImportsAllowUnsanitizedCodeExecution @import(<url>) can allow execution of script in unsanitized CSS Apr 2009 mikesamuel  
SimpleSubset Cajita as the simplest full-function subset of JavaScript Apr 2009 erights  
TranslationTarget Compiling Cajita to JavaScript Apr 2009 erights  
EmbeddedEmulation How Cajita supports multiple Valija sandboxes Apr 2009 erights  
DebuggingShindig How to debug cajoled gadgets in Shindig Mar 2009 jasvir  
SecurityAdvisory20090323 Security Advisory 23 March 2009 Mar 2009 b...@links.org  
SecurityAdvisory20090220 Security Advisory 20 Feb 2009 Mar 2009 b...@links.org  
DeleteUnmasksGlobals `delete` defeats masking of globals via `with` Feb 2009 jasvir  
FAQ FAQ about problems when using Caja Feb 2009 jasvir  
JsHtmlSanitizer How to use Caja as a stand-alone client-side sanitizer Jan 2009 mikesamuel
ConditionalCompilationComments Conditional compilation may allow disabling of runtime checks. Dec 2008 mikesamuel  
IdAndNameMasking Descendants with an ID or NAME attribute can mask properties defined in DOM2 HtmlCollection, HTMLFormElement, NamedNodeMap, etc. Dec 2008 mikesamuel  
RunningJQueryTests How to run the jQuery tests cajoled. Nov 2008 metaweta  
CompoundAssignmentsCanReturnNonNumber Compound assignment expressions might not evaluate to a number (or string in the case of +=), in violation of the ES3 specification. Simple assignments might not evaluate to their right-hand-side. Nov 2008 davidsarah.hopwood  
RunningPrototypeTests How to test Cajoled Prototype. Nov 2008 b...@links.org  
NewNewCodeReview Really simple code review scheme. Nov 2008 b...@links.org  
CssAllowsArbitraryCodeExecution CSS allows binding of properties to arbitrary JavaScript expressions Nov 2008 davidsarah.hopwood
MisOptimizations Some interpreters try optimizations that subtly change the semantics of builtin operators Nov 2008 davidsarah.hopwood
PostIncrementAndDecrementCanReturnNonNumber Post-increment and post-decrement expressions might not evaluate to a number, in violation of the ES3 specification Nov 2008 davidsarah.hopwood  
NewCodeReview Proposed new code review scheme. Oct 2008 b...@links.org  
HowDoesCajaStopX FAQ explaining how Caja stops various kinds of attacks. Aug 2008 mikesamuel  
UncaughtExceptionHandling A mechanism for trapping and handling exceptions not handled during loadModule. Aug 2008 mikesamuel  
EvalBreaksClosureEncapsulation Eval extensions allow reaching into the scope chain of closures Jul 2008 mikesamuel  
CajaWhitelists Schema for whitelists used by the Cajoler Jun 2008 mikesamuel  
InconsistentlyReservedKeywords Context sensitive keywords not supported by some browsers cause parser ambiguity, possibly hoisting variables into the global scope. Jun 2008 mikesamuel  
RegexpsLeakMatchGlobally Any regular expression can match against the last string passed to any other Jun 2008 mikesamuel  
PipelineConfiguration How to configure the Cajoler pipeline Jun 2008 mikesamuel  
SecurityReviewWhiteboards Pictures of our whiteboards during the Caja Security Review. Jun 2008 zestyping  
HiddenControlFlowHazard Jun 2008 erights  
InternalProperties List of properties internal to the Caja implementation and their semantics. Jun 2008 zestyping  
KnownIssuesForReview A list of known issues for the review starting June 09, 2008. Jun 2008 ihab.awad  
CajaModule Definition of a Caja Module Jun 2008 metaweta  
XsrfViaXxe parsing XML can cause the browser to fetch arbitrary URLs Jun 2008 mikesamuel  
TypeofInconsistent ES3 allows for arbitrary behavior around typeof Jun 2008 mikesamuel  
SetTimeoutArbitraryCodeExecution some browser intrinsics treat a string as code to eval. Jun 2008 mikesamuel  
ScriptInHtml inlined JS can break out of script tags to execute code hidden in strings or comments Jun 2008 mikesamuel  
OutputChecks sanity checks on cajoler output Jun 2008 mikesamuel  
ObjectWatch watch and unwatch intercept gets and sets to object properties Jun 2008 mikesamuel  
ObjectToSourceLeaksPrivates serializing an object can expose private state Jun 2008 mikesamuel  
ObjectEvalArbitraryCodeExecution eval reachable from any Object on some browsers Jun 2008 mikesamuel  
NullCharEscapes cannot match protocol of an absolute URL via String.startsWith. Jun 2008 mikesamuel  
FunctionSpecies defining and calling functions in Caja Jun 2008 mikesamuel  
FunctionMethodsLeakGlobalScope myFunction.call(null) causes `this` to bind to the global object Jun 2008 mikesamuel  
FunctionMemberCrossScopeParameterAccess myFn.arguments[0] changes local variables while a call is in progress Jun 2008 mikesamuel
EvalArbitraryCodeExecution Jun 2008 mikesamuel  
DomAllowsKeylogging Jun 2008 mikesamuel  
DocTypesCanInjectUnsanitizedContent HTML suffers from XXE which can inject scripts Jun 2008 mikesamuel  
CrossScopeParameterModification function parameters can be changed without assignment via `arguments` Jun 2008 mikesamuel  
CssTemplating Dynamic CSS factories compiled from templates to JavaScript Jun 2008 mikesamuel
ConfusedHtmlParsers malformed HTML can obfuscate tags and tag and attribute names. Jun 2008 mikesamuel  
CapabilityUseCases Places where capabilities might be useful in web applications. Jun 2008 mikesamuel  
ArgumentsMaskedByVar special arguments array maskable Jun 2008 mikesamuel  
ArgumentsExposesCaller Reflective call stack traversal leaks references. Jun 2008 mikesamuel  
RefactoringToolFeatureRequests A list of features we'd like to have in the refactoring tool Apr 2008 metaweta  
EventChecksCircumventableByInfLoops Invariants enforced by event handlers can be circumvented by causing the browser to turn off JavaScript. Jan 2008 mikesamuel
EventHandlersEvalWithDom Nov 2007 mikesamuel  
ParentCircumventsScoping Nov 2007 mikesamuel  
InnerHtmlYieldsCdata Oct 2007 mikesamuel  
DomNodeAllowArbitraryCodeExecution Oct 2007 mikesamuel  
DomAllowsXsrf Oct 2007 mikesamuel