Introduction

Caja is a fairly intricate and complex project with a lot of very specialized aspects. As such, it is especially useful to understand the key terminology that you'll commonly find in the source code and existing documentation. This page is an attempt at getting a simple lexicon started that will help newcomers learn the project and help the existing project team communicate important changes to central aspects of the project as it evolves.

Details

- Caja - An open source project that allows you to run untrusted JavaScript code in a web page in a secure manner by providing what may be thought of as a "virtual iframe". A few examples of the ways that the Caja project allows untrusted code to run securely are providing mechanisms for proxying URLs that appear in anchor elements, protecting against known XSS vulnerabilities, sanitizing HTML/CSS, and exposing the Valija and Cajita languages, which are both subsets of JavaScript. Note: Caja itself is a project, not a language. Note: a traditional way of running untrusted code in a web page is to use iframes such that the domain of the untrusted code is different from the domain of the parent page, so that the browser enforces basic cross-domain security.
- Cajoling - The process of taking JavaScript and transforming it into Valija or Cajita.
- Valija - A subset of JavaScript that removes many of the "sharp knives" such as the "with" construct and "eval", provides each module with its own global environment instead of a shared one, adds the capability to "freeze" objects so that attempts to modify, add, or delete properties will throw an error, etc. For a terrific introduction to more of these specifics, see the Caja white paper entitled Caja: Safe active content in sanitized JavaScript. Valija may be thought of as an object-capability language "at the boundary", in that there are no capabilities inside of the "virtual iframe" it is used within except for things that have been explicitly imported from the outside, whereas Cajita is a bona fide object-capability language throughout.
- Cajita - An object-capability language that is a very strict subset of Valija. Perhaps the most central difference between Valija and Cajita is that Cajita does not allow the magic keyword "this". It is preferred that Cajita be used to write new code, while Valija is often used to port existing code because it's usually very difficult or impossible to remove all references to "this" from complex code bases.
- Taming - The act of exposing a safe interface to uncajoled code, usually because it is not feasible to transform the code to Valija.
- Object Capabilities Language - A language that protects the outside world from objects. In an object capabilities language, objects cannot act on one another without being passed an explicit reference, and they cannot cause effects outside of themselves without these references. See also the Wikipedia article on Object-Capability Models.
- Innocent Code - Code that is assumed to be ignorant of Caja. Innocent code is not considered to be actively malicious, but may be buggy, and therefore, accidentally harmful or exploitable. Innocent code is often legacy code such as libraries that end up being run tamed or otherwise untranslated into Valija or Cajita.
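
The Taming and Object Capabilities Language entries above, together with the frozen-object behavior described under Valija, shown as an added example in plain JavaScript. It is not Caja's API or cajoler output, and every name in it (makeStore, tameStore, guestModule, runDemo) is hypothetical.

```javascript
// Added illustration in plain JavaScript; not Caja's API or cajoler output.
// makeStore, tameStore, guestModule and runDemo are hypothetical names.

// Powerful host-side object: full read/write access to a key-value store.
function makeStore() {
  const data = new Map([['greeting', 'hello'], ['secret', 'host-only']]);
  return Object.freeze({
    read: (key) => data.get(key),
    write: (key, value) => { data.set(key, value); },
  });
}

// Taming: wrap the powerful object in a narrow, frozen facade that only
// allows reads of allow-listed keys. The write capability is not passed on.
function tameStore(store, allowedKeys) {
  const allowed = new Set(allowedKeys);
  return Object.freeze({
    read: (key) => {
      if (!allowed.has(key)) throw new Error('key not permitted: ' + key);
      return store.read(key);
    },
  });
}

// Guest written in the Cajita style: no "this", and no authority except
// what arrives in `imports`. Plain JavaScript does not enforce that
// (globals are still reachable); here it is followed only by convention.
function guestModule(imports) {
  'use strict'; // writes to frozen objects throw instead of failing silently
  const results = { greeting: imports.store.read('greeting') };
  try { imports.store.read('secret'); results.secret = 'leaked'; }
  catch (e) { results.secret = 'denied'; }
  try { imports.store.write = () => {}; results.tamper = 'succeeded'; }
  catch (e) { results.tamper = 'denied'; }
  results.canWrite = typeof imports.store.write === 'function';
  return results;
}

function runDemo() {
  const store = makeStore();
  const imports = Object.freeze({ store: tameStore(store, ['greeting']) });
  const results = guestModule(imports);
  results.hostSecretIntact = store.read('secret') === 'host-only';
  return results;
}

console.log(runDemo());
```

The guest can read only what the tamed facade permits, and because both the facade and the imports object are frozen, it cannot graft a write method back on.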