PageName Summary + Labels Changed ChangedBy
NiceNeighbor How Cajita coexists with untranslated JavaScript 32 hours ago erights  
CajaLexicon Loose definitions for some of the core terminology that will facilitate getting up to speed with Caja Jun 23 ptwobrussell  
UrlPolicy specifies which URLs untrusted code can fetch, and in what contexts. Jun 22 jasvir  
ErrorExposesParameterValues The stack property of Error includes parameter values. May 25 davidsarah.hopwood  
CatchBlocksScopeBleed catch blocks don't always introduce a new scope. May 23 davidsarah.hopwood  
SubsetRelationships Relationships of Cajita, Valija, and various versions of JavaScript May 19 erights  
InnocentCodeRewriter A minimal JavaScript to JavaScript translator for innocent code Apr 29 erights  
StringObfuscationIsEasy regular expressions cannot match bad code without unacceptable false positives Apr 25 mikesamuel  
GlobalScopeViaThis `this` is often bound to the global scope. Apr 23 pascallouisperez  
CssImportsAllowUnsanitizedCodeExecution @import(<url>) can allow execution of script in unsanitized CSS Apr 06 mikesamuel  
SimpleSubset Cajita as the simplest full-function subset of JavaScript Apr 04 erights  
TranslationTarget Compiling Cajita to JavaScript Apr 04 erights  
EmbeddedEmulation How Cajita supports multiple Valija sandboxes Apr 04 erights  
DebuggingShindig How to debug cajoled gadgets in Shindig Mar 24 jasvir  
SecurityAdvisories All our security advisories. Mar 23 b...@links.org  
SecurityAdvisory20090323 Security Advisory 23 March 2009 Mar 23 b...@links.org  
CajaHostingModules How to host Caja modules Mar 12 metaweta  
SecurityAdvisory20090220 Security Advisory 20 Feb 2009 Mar 07 b...@links.org  
GettingStarted Resources for new users or users-to-be of Caja   Featured Feb 20 b...@links.org  
RunningCaja How to install Caja and run it from the command line. Feb 20 b...@links.org  
LibraryTaming How to tame libraries. Feb 19 erights  
DeleteUnmasksGlobals `delete` defeats masking of globals via `with` Feb 14 jasvir  
FAQ FAQ about problems when using Caja Feb 08 jasvir  
JsHtmlSanitizer How to use caja as a stand-alone client side sanitizer Jan 14 mikesamuel  
ConditionalCompilationComments Conditional compilation may allow disabling of runtime checks. Dec 2008 mikesamuel  
JavaScript The dialects of JavaScript used by the Caja project. Dec 2008 metaweta  
WhatsMissing What JavaScript constructs are proposed for EcmaScript or commonly used, and absent from Valija? Dec 2008 erights  
IdAndNameMasking Descendants with an ID or NAME attribute can mask properties defined in DOM2 HtmlCollection, HTMLFormElement, NamedNodeMap, etc. Dec 2008 mikesamuel  
AttackVectors Interpreter & Browser properties that can be exploited to escalate privileges. Dec 2008 mikesamuel  
RunningJQueryTests How to run the jQuery tests cajoled. Nov 2008 metaweta  
CompoundAssignmentsCanReturnNonNumber Compound assignment expressions might not evaluate to a number (or string in the case of +=), in violation of the ES3 specification. Simple assignments might not evaluate to their right-hand-side. Nov 2008 davidsarah.hopwood  
RunningPrototypeTests How to test Cajoled Prototype. Nov 2008 b...@links.org  
NewNewCodeReview Really simple code review scheme. Nov 2008 b...@links.org  
CssAllowsArbitraryCodeExecution CSS allows binding of properties to arbitrary javascript expressions Nov 2008 davidsarah.hopwood  
MisOptimizations Some interpreters try optimizations that subtly change the semantics of builtin operators Nov 2008 davidsarah.hopwood  
PostIncrementAndDecrementCanReturnNonNumber Post-increment and post-decrement expressions might not evaluate to a number, in violation of the ES3 specification Nov 2008 davidsarah.hopwood  
NewCodeReview Proposed new code review scheme. Oct 2008 b...@links.org  
ContributingCode How to contribute code to Caja Oct 2008 jasvir  
HowDoesCajaStopX FAQ explaining how Caja stops various kinds of attacks. Aug 2008 mikesamuel  
UncaughtExceptionHandling A mechanism for trapping and handling exceptions not handled during loadModule. Aug 2008 mikesamuel  
EvalBreaksClosureEncapsulation Eval extensions allow reaching into the scope chain of closures Jul 2008 mikesamuel  
CajaWhitelists Schema for whitelists used by the Cajoler Jun 2008 mikesamuel  
InconsistentlyReservedKeywords Context sensitive keywords not supported by some browsers cause parser ambiguity, possibly hoisting variables into the global scope. Jun 2008 mikesamuel  
RegexpsLeakMatchGlobally Any regular expression can match against the last string passed to any other Jun 2008 mikesamuel  
PipelineConfiguration How to configure the Cajoler pipeline Jun 2008 mikesamuel  
SecurityReviewWhiteboards Pictures of our whiteboards during the Caja Security Review. Jun 2008 zestyping  
HiddenControlFlowHazard Jun 2008 erights  
InternalProperties List of properties internal to the Caja implementation and their semantics. Jun 2008 zestyping  
ObjectProperties How caja.js protects access to properties Jun 2008 mikesamuel  
KnownIssuesForReview A list of known issues for the review starting June 09, 2008. Jun 2008 ihab.awad  
GlobalObjectPoisoning passing any object cross-frame gives access to global definitions. Jun 2008 mikesamuel  
CajaModule Definition of a Caja Module Jun 2008 metaweta  
XsrfViaXxe parsing XML can cause the browser to fetch arbitrary URLs Jun 2008 mikesamuel  
TypeofInconsistent ES3 allows for arbitrary behavior around typeof Jun 2008 mikesamuel  
SetTimeoutArbitraryCodeExecution some browser intrinsics treat a string as code to eval. Jun 2008 mikesamuel  
ScriptInHtml inlined JS can break out of script tags to execute code hidden in strings or comments Jun 2008 mikesamuel  
OutputChecks sanity checks on cajoler output Jun 2008 mikesamuel  
ObjectWatch watch and unwatch intercept gets and sets to object properties Jun 2008 mikesamuel  
ObjectToSourceLeaksPrivates serializing an object can expose private state Jun 2008 mikesamuel  
ObjectEvalArbitraryCodeExecution eval reachable from any Object on some browsers Jun 2008 mikesamuel  
NullCharEscapes cannot match protocol of an absolute URL via String.startsWith. Jun 2008 mikesamuel  
JsControlFormatChars Jun 2008 mikesamuel  
FunctionSpecies defining and calling functions in Caja Jun 2008 mikesamuel  
FunctionMethodsLeakGlobalScope myFunction.call(null) causes `this` to bind to the global object Jun 2008 mikesamuel  
FunctionMemberCrossScopeParameterAccess myFn.arguments[0] changes local variables while call in progress Jun 2008 mikesamuel  
EvalArbitraryCodeExecution Jun 2008 mikesamuel  
DomAllowsKeylogging Jun 2008 mikesamuel  
DocTypesCanInjectUnsanitizedContent HTML suffers from XXE which can inject scripts Jun 2008 mikesamuel  
CrossScopeParameterModification function parameters can be changed without assignment via `arguments` Jun 2008 mikesamuel  
CssTemplating Dynamic CSS factories compiled from templates to javascript Jun 2008 mikesamuel  
CajaCajole "Cajoling" is what we call the process of turning Caja input into JavaScript. Jun 2008 ihab.awad  
ConfusedHtmlParsers malformed HTML can obfuscate tags and tag and attribute names. Jun 2008 mikesamuel  
CapabilityUseCases Places where capabilities might be useful in web applications. Jun 2008 mikesamuel  
ArgumentsMaskedByVar special arguments array maskable Jun 2008 mikesamuel  
ArgumentsExposesCaller Reflective call stack traversal leaks references. Jun 2008 mikesamuel  
RefactoringToolFeatureRequests A list of features we'd like to have in the refactoring tool Apr 2008 metaweta  
EventChecksCircumventableByInfLoops Invariants enforced by event handlers can be circumvented by causing the browser to turn off javascript. Jan 2008 mikesamuel  
EventHandlersEvalWithDom Nov 2007 mikesamuel  
ParentCircumventsScoping Nov 2007 mikesamuel  
InnerHtmlYieldsCdata Oct 2007 mikesamuel  
DomNodeAllowArbitraryCodeExecution Oct 2007 mikesamuel  
DomAllowsXsrf Oct 2007 mikesamuel  
FunctionConstructor Oct 2007 mikesamuel  
InaccessibleLocalVariables Oct 2007 mikesamuel