One thing I found about Google Caja while researching was that "It has a very bad documentation! " , atleast for an average guy.
The Way It Works is that the code is first passed onto the Caja Server , where the code is broken down into parse trees.Then the unsafe code is removed and remaining code is again put together so that it now belongs to a safe subset of javascript , i.e Vajita(check up name though, might be wrong name).
I have been working on what a host page template should look like . So far I have come up with something like this
The Way It Works is that the code is first passed onto the Caja Server , where the code is broken down into parse trees.Then the unsafe code is removed and remaining code is again put together so that it now belongs to a safe subset of javascript , i.e Vajita(check up name though, might be wrong name).
I have been working on what a host page template should look like . So far I have come up with something like this
<!-- host page -->
<!-- where the caja server is -->
<html>
<head>
<script type="text/javascript" src="www.caja.appspot.com/caja.js">
</script>
</head>
<body>
<p> CAJA HOST </p>
<div id="guest1"> </div>
<script type="text/javascript">
caja.markFunction(/* all those function which you want to provide to guest code */);
var tamedfunction_name = caja.tame(function_name);/*don't know difference between marking and taming */
/*format the url should adhere to */
var uriPolicy = { rewrite : function(uri) { if(true) { return uri; } else return undefined; } };
caja.initialize({ cajaServer:'https://caja.appspot.com/' , debug:true });
/*final guest code runs under div 'guest' */
caja.load( getElelemtById('guest1') , uriPolicy , function(frame) { frame.code('guest1.html','text/html') .api() .run();});
</script>
</body>
</html>
<!-- where the caja server is -->
<html>
<head>
<script type="text/javascript" src="www.caja.appspot.com/caja.js">
</script>
</head>
<body>
<p> CAJA HOST </p>
<div id="guest1"> </div>
<script type="text/javascript">
caja.markFunction(/* all those function which you want to provide to guest code */);
var tamedfunction_name = caja.tame(function_name);/*don't know difference between marking and taming */
/*format the url should adhere to */
var uriPolicy = { rewrite : function(uri) { if(true) { return uri; } else return undefined; } };
caja.initialize({ cajaServer:'https://caja.appspot.com/' , debug:true });
/*final guest code runs under div 'guest' */
caja.load( getElelemtById('guest1') , uriPolicy , function(frame) { frame.code('guest1.html','text/html') .api() .run();});
</script>
</body>
</html>
No comments:
Post a Comment