google-caja


Compiler for making third-party HTML, CSS and JavaScript safe for embedding

Caja users, please visit us at Google Developers

Caja developers, we've moved to GitHub.


The Caja Compiler is a tool for making third party HTML, CSS and JavaScript safe to embed in your website. It enables rich interaction between the embedding page and the embedded applications. Caja uses an object-capability security model to allow for a wide range of flexible security policies, so that your website can effectively control what embedded third party code can do with user data.

Contacting us

Discussions

Our http://groups.google.com/group/google-caja-discuss'>discussion group is the best place to contact us. First posts are moderated to remove spam, so don't worry if your post doesn't show up immediately.

Reporting Bugs & Security Issues

Please report potential vulnerabilities using the http://code.google.com/p/google-caja/issues/entry?template=Private%20Issue'>private issue tracker, and bugs and feature requests via the http://code.google.com/p/google-caja/issues/entry'>public issue tracker. The Caja team encourages http://en.wikipedia.org/wiki/Responsible_disclosure'>responsible disclosure, since production services rely on us for security. We will work to resolve the issue and make sure credit is given.

Contributing

The Caja team includes people from a number of different companies and some private individuals. If you would like to contribute, introduce yourself on our http://groups.google.com/group/google-caja-discuss'>discussion group.

News

Talks

Project Information

Labels:
Google Javascript Security Object-capabilities Caja POLA Mashups