What's new? | Help | Directory | Sign in
Google
google-caja
A source-to-source translator for securing Javascript-based web content
Project Home
  
Downloads
  
Wiki
  
Issues
  
Source
    
Search
for
  
  PageName Summary + Labels Changed ChangedBy ...
WhatsMissing 4 days ago davidsarah.hopwood  
EvalBreaksClosureEncapsulation Eval extensions allow reaching into the scope chain of closures Jul 11 mikesamuel  
AttackVectors Interpreter&Browser properties that can be exploited to escalate privileges. Jul 11 mikesamuel  
GettingStarted   Featured Jul 08 erights  
CajaHostingModules How to host Caja modules Jun 19 davidsarah.hopwood  
CajaWhitelists Schema for whitelists used by the Cajoler Jun 19 mikesamuel  
InconsistentlyReservedKeywords Context sensitive keywords not supported by some browsers cause parser ambiguity, possibly hoisting variables into the global scope. Jun 17 mikesamuel  
RegexpsLeakMatchGlobally Any regular expression can match against the last string passed to any other Jun 17 mikesamuel  
PipelineConfiguration How to configure the Cajoler pipeline Jun 16 mikesamuel  
SecurityReviewWhiteboards Pictures of our whiteboards during the Caja Security Review. Jun 11 zestyping  
HiddenControlFlowHazard Jun 10 erights  
InternalProperties List of properties internal to the Caja implementation and their semantics. Jun 10 zestyping  
ObjectProperties How caja.js protects access to properties Jun 10 mikesamuel  
KnownIssuesForReview A list of known issues for the review starting June 09, 2008. Jun 06 ihab.awad  
GlobalObjectPoisoning passing any object cross-frame gives access to global definitions. Jun 05 mikesamuel  
CajaModule Definition of a Caja Module Jun 05 metaweta  
XsrfViaXxe parsing XML can cause the browser to fetch arbitrary URLs Jun 05 mikesamuel  
TypeofInconsistent ES3 allows for arbitrary behavior around typeof Jun 05 mikesamuel  
StringObfuscationIsEasy regular expressions cannot match bad code without unacceptable false positives Jun 05 mikesamuel  
SetTimeoutArbitraryCodeExecution some browser intrinsics treat a string as code to eval. Jun 05 mikesamuel  
ScriptInHtml inlined JS can break out of script tags to execute code hidden in strings or comments Jun 05 mikesamuel  
OutputChecks sanity checks on cajoler output Jun 05 mikesamuel  
ObjectWatch watch and unwatch intercept gets and sets to object properties Jun 05 mikesamuel  
ObjectToSourceLeaksPrivates serializing an object can expose private state Jun 05 mikesamuel  
ObjectEvalArbitraryCodeExecution eval reachable from any Object on some browsers Jun 05 mikesamuel  
NullCharEscapes cannot match protocol of an absolute URL via String.startsWith. Jun 04 mikesamuel  
JsControlFormatChars Jun 04 mikesamuel  
GlobalScopeViaThis `this` is often bound to the global scope. Jun 04 mikesamuel  
FunctionSpecies defining and calling functions in Caja Jun 04 mikesamuel  
FunctionMethodsLeakGlobalScope myFunction.call(null) causes `this` to bind to the global object Jun 04 mikesamuel  
FunctionMemberCrossScopeParameterAccess myFn.arguments[0] changes local variables while call in progress Jun 04 mikesamuel  
EvalArbitraryCodeExecution Jun 04 mikesamuel  
DomAllowsKeylogging Jun 04 mikesamuel  
DocTypesCanInjectUnsanitizedContent HTML suffers from XXE which can inject scripts Jun 04 mikesamuel  
CrossScopeParameterModification function parameters can be changed without assignment via `arguments` Jun 04 mikesamuel  
DeleteUnmasksGlobals `delete` defeats masking of globals via `with` Jun 04 mikesamuel  
CssTemplating Dynamic CSS factories compiled from templates to javascript Jun 04 mikesamuel  
CajaCajole "Cajoling" is what we call the process of turning Caja input into JavaScript. Jun 03 ihab.awad  
CssImportsAllowUnsanitizedCodeExecution Jun 03 mikesamuel  
CssAllowsArbitraryCodeExecution CSS allows binding of properties to arbitrary javascript expressions Jun 03 mikesamuel  
ConfusedHtmlParsers malformed HTML can obfuscate tags and tag and attribute names. Jun 03 mikesamuel  
ConditionalCompilationComments Conditional compilation may allow disabling of runtime checks. Jun 03 mikesamuel  
CatchBlocksScopeBleed catch blocks don't always introduce a new scope. Jun 03 mikesamuel  
CapabilityUseCases Places where capabilities might be useful in web applications. Jun 03 mikesamuel  
ArgumentsMaskedByVar special arguments array maskable Jun 03 mikesamuel  
ArgumentsExposesCaller Reflective call stack traversal leaks references. Jun 03 mikesamuel  
ErrorExposesParameterValues The stack property of Error includes parameter values. Apr 29 mikesamuel  
RefactoringToolFeatureRequests A list of features we'd like to have in the refactoring tool Apr 24 metaweta  
EventChecksCircumventableByInfLoops Invariants enforced by event handlers can be circumvented by causing the browser to turn off javascript. Jan 31 mikesamuel  
EventHandlersEvalWithDom Nov 01 mikesamuel  
ParentCircumventsScoping Nov 01 mikesamuel  
InnerHtmlYieldsCdata Oct 25 mikesamuel  
DomNodeAllowArbitraryCodeExecution Oct 25 mikesamuel  
DomAllowsXsrf Oct 11 mikesamuel  
FunctionConstructor Oct 11 mikesamuel  
InaccessibleLocalVariables Oct 11 mikesamuel  
  
Show columns:
  PageName
  Summary
  Changed
  ChangedBy
    RevNum
    Phase
    Attack
    Edit Column Spec...