My favorites | Sign in
Project Home Downloads Wiki Issues Source
Search
for
CajaLexicon  
Loose definitions for some of the core terminology that will facilitate getting up to speed with Caja
Updated Aug 4, 2010 by kpreid.switchb.org

Introduction

Caja is a fairly intricate and complex project with a lot of very specialized aspects. As such, it can be especially useful to understand some of the key terminology that you'll commonly find in the source code and existing documentation. This page is an attempt at getting a simple lexicon started that will facilitate learning for newcomers to the project as well as help the existing project team communicate important changes to central aspects of the project as it evolves.

Concepts

  • Caja - An open source project that allows you to run untrusted JavaScript code in a web page in a secure manner by providing what may be thought of as a "virtual iframe". A few examples of the ways that the Caja project allows untrusted code to run securely is by providing mechanisms for proxying URLs that appear in anchor elements, protecting against known XSS vulnerabilities, sanitizing HTML/CSS, and exposing the Valija and Cajita languages, which are both subsets of JavaScript. Note: Caja itself is a project, not a language. Note: a traditional way of running untrusted code in a web page is by using iframes such that the domain of the untrusted code is different from the domain of the parent page, and thus, having the browser enforce basic cross-domain security.
  • Cajoling - The process of taking JavaScript and transforming it into Valija or Cajita.
  • Valija - A subset of JavaScript that removes many of the "sharp knives" such as the "with" construct and "eval", provides each module with its own global environment instead of a shared one, the capability to "freeze" objects so that attempts to modify, add, or delete properties will throw an error, etc. For a terrific introduction to more of these specifics seen the Caja white paper entitled Caja: Safe active content in sanitized JavaScript. Valija may be thought of as an object-capability language "at the boundary" in that there are no capabilities inside of the "virtual iframe" it is used within except for things that have been explicitly imported from the outside whereas Cajita is a bona fide object-capability language throughout.
  • Cajita - An object-capability language that is a very strict subset of Valija. Perhaps the most central difference between Valija and Cajita is that Cajita does not allow the magic keyword "this". It is preferred that Cajita be used to write new code, while Valija is often used to port existing code because it's usually very difficult or impossible to remove all references to "this" from complex code bases.
  • Taming - The act of exposing a safe interface to uncajoled code, usually because it is not feasible to transform the code to Valija.
  • Object-capability language - A language that protects the outside world from objects. Objects cannot act on one another without somehow being passed an explicit reference in an object-capability language. Objects cannot cause effects outside of themselves without these references. See also the Wikipedia article on Object-Capability Models
  • Innocent Code - Code that is assumed to be ignorant of Caja. Innocent code is not considered to be actively malicious, but may be buggy, and therefore, accidentally harmful or exploitable. Innocent code is often legacy code such as libraries that end up being run tamed or otherwise untranslated into Valija or Cajita.

Detailed terminology

  • Module - A JavaScript file which is the output of the cajoling process, which may be loaded into a host page under its control. Modules may or may not include HTML. Cajoling a gadget produces a module.
  • Gadget - A module which presents HTML, especially an OpenSocial gadget. Some text incorrectly refers to modules as gadgets. It is not quite settled whether the term “gadget” refers strictly to OpenSocial gadgets.
  • Container - A web site which displays gadgets. Some text incorrectly refers to host pages as containers.
  • Host page - A web page which loads Caja modules, and may or may not use Valija to display HTML in those modules to the user.

  • URI policy - A policy used by the cajoler and DOM taming to rewrite URIs/URLs in cajoled content for various reasons. See UriPolicy.

Caja project internals

  • Plugin, as in the com.google.caja.plugin package name - An obsolete synonym for gadget.

  • URL policy - An obsolete synonym for URI policy.


Sign in to add a comment
Powered by Google Project Hosting