Gruppi
Accedi
Gruppi
Google Caja Discuss
Conversazioni
Informazioni
Invia feedback
Guida
Google Caja Discuss
Contatta proprietari e gestori
1-30 di 10391
Segna tutti come già letti
Segnala gruppo
0 selezionati
Mike Power
, …
Mark S. Miller
4
14/01/20
Caja performance recommendations
Well since the broad conclusion is not caja, and there are a great many ses discussions regarding
da leggere,
Caja performance recommendations
Well since the broad conclusion is not caja, and there are a great many ses discussions regarding
14/01/20
Kevin Reid
06/06/19
Caja Security Advisory 2019-06-06
## Background When guest HTML contains an element that is not permitted by Caja's whitelist, it
da leggere,
Caja Security Advisory 2019-06-06
## Background When guest HTML contains an element that is not permitted by Caja's whitelist, it
06/06/19
Mark Miller
,
Kevin Reid
3
16/01/19
Public disclosure of responsibly disclosed SES bugs
That's a good point. I missed that. Yes, if the mandatory parse rejects template strings, I don
da leggere,
Public disclosure of responsibly disclosed SES bugs
That's a good point. I missed that. Yes, if the mandatory parse rejects template strings, I don
16/01/19
Yehonathan Sharvit
, …
Mark Miller
16
13/01/19
sanitized eval with Caja
Hi Yehonathan, I have gone through the public issues at https://github.com/Agoric/SES/issues , filed
da leggere,
sanitized eval with Caja
Hi Yehonathan, I have gone through the public issues at https://github.com/Agoric/SES/issues , filed
13/01/19
Mike Stay
,
Mark Miller
6
09/01/19
Status of other sources of SES?
Neither Agoric nor Salesforce are likely to invest effort backporting fixes into original-SES. I
da leggere,
Status of other sources of SES?
Neither Agoric nor Salesforce are likely to invest effort backporting fixes into original-SES. I
09/01/19
Mark Miller
03/12/18
POLA Would Have Prevented the Event-Stream Incident
The npm / event-stream incident is the perfect teaching moment for POLA (Principle of Least Authority
da leggere,
POLA Would Have Prevented the Event-Stream Incident
The npm / event-stream incident is the perfect teaching moment for POLA (Principle of Least Authority
03/12/18
Michael FIG
30/10/18
Strawman: defending from deep recursion and long loops
Hi, I have a simple browser test set up at: https://michaelfig.github.io/caja/exhaust.html I don'
da leggere,
Strawman: defending from deep recursion and long loops
Hi, I have a simple browser test set up at: https://michaelfig.github.io/caja/exhaust.html I don'
30/10/18
Michael FIG
, …
Mark Miller
7
16/10/18
Defending from long-running or infinite loops
On Mon, Oct 15, 2018 at 7:15 PM Michael FIG <kekit...@gmail.com> wrote: I think I will also
da leggere,
Defending from long-running or infinite loops
On Mon, Oct 15, 2018 at 7:15 PM Michael FIG <kekit...@gmail.com> wrote: I think I will also
16/10/18
Kevin Reid
02/04/18
Caja Security Advisory 2018-04-02
## Background Caja contains an optional feature, in the deprecated ES5/3 mode, to allow embedding
da leggere,
Caja Security Advisory 2018-04-02
## Background Caja contains an optional feature, in the deprecated ES5/3 mode, to allow embedding
02/04/18
Marc H
, …
Mike Stay
9
12/02/18
Script inclusion error
For the specific case of Math, you could shadow the real Math object with an object that merely
da leggere,
Script inclusion error
For the specific case of Math, you could shadow the real Math object with an object that merely
12/02/18
Marc H
,
Kevin Reid
2
09/02/18
Dynamic guest page embedding
On Fri, Feb 9, 2018 at 12:32 PM, Marc H <zappy...@gmail.com> wrote: I am trying to use Caja
da leggere,
Dynamic guest page embedding
On Fri, Feb 9, 2018 at 12:32 PM, Marc H <zappy...@gmail.com> wrote: I am trying to use Caja
09/02/18
Kevin Reid
14/11/17
Caja Security Advisory 2017-11-14
## Background Browsers have recently added new language features which allow executing code from a
da leggere,
Caja Security Advisory 2017-11-14
## Background Browsers have recently added new language features which allow executing code from a
14/11/17
Mark Miller
3
04/11/17
WASM and ocaps
On these lists, sometimes we cross-post when introducing a topic but then announce that further
da leggere,
WASM and ocaps
On these lists, sometimes we cross-post when introducing a topic but then announce that further
04/11/17
My Routes
,
Kevin Reid
2
03/11/17
Feature request: add 'allow-geolocation' to IFRAME sandbox mode in HtmlService
On Wed, Nov 1, 2017 at 8:20 AM, My Routes <myro...@gmail.com> wrote: In order for a cross-
da leggere,
Feature request: add 'allow-geolocation' to IFRAME sandbox mode in HtmlService
On Wed, Nov 1, 2017 at 8:20 AM, My Routes <myro...@gmail.com> wrote: In order for a cross-
03/11/17
jwi...@lifelink.com
, …
Mike Stay
4
23/08/17
Syntax error when following example code
In particular, there's this snippet: ------------------- Running guest JavaScript from content
da leggere,
Syntax error when following example code
In particular, there's this snippet: ------------------- Running guest JavaScript from content
23/08/17
Doug Koellmer
, …
Mike Stay
13
25/05/17
Reusing DIVs.
As far as destroying an interval goes, you can replace the existing setInterval function before
da leggere,
Reusing DIVs.
As far as destroying an interval goes, you can replace the existing setInterval function before
25/05/17
Mark S. Miller
03/05/17
CFP: OCAP 2017, Object-Capability Languages, Systems, and Applications
http://conf.researchr.org/track/ocap-2017/ocap-2017#Call-for-Presentations Call for Presentations The
da leggere,
CFP: OCAP 2017, Object-Capability Languages, Systems, and Applications
http://conf.researchr.org/track/ocap-2017/ocap-2017#Call-for-Presentations Call for Presentations The
03/05/17
o x
,
Kevin Reid
3
02/05/17
load caja from iframes and load the caja lib ones in window.parent.caja
thank you Kevin Reid! that did the the trick :) On Tuesday, May 2, 2017 at 11:50:02 PM UTC+7, Kevin
da leggere,
load caja from iframes and load the caja lib ones in window.parent.caja
thank you Kevin Reid! that did the the trick :) On Tuesday, May 2, 2017 at 11:50:02 PM UTC+7, Kevin
02/05/17
o x
,
Kevin Reid
6
02/05/17
how to unescape the content of guest before run?
ok thank you On Tuesday, May 2, 2017 at 11:17:54 PM UTC+7, Kevin Reid wrote: You'll have to
da leggere,
how to unescape the content of guest before run?
ok thank you On Tuesday, May 2, 2017 at 11:17:54 PM UTC+7, Kevin Reid wrote: You'll have to
02/05/17
felbus
,
Kevin Reid
3
19/04/17
allow base64 data uri
ok thanks, ill take a look.. On Monday, 17 April 2017 17:46:01 UTC+1, Kevin Reid wrote: On Mon, Apr
da leggere,
allow base64 data uri
ok thanks, ill take a look.. On Monday, 17 April 2017 17:46:01 UTC+1, Kevin Reid wrote: On Mon, Apr
19/04/17
felbus
,
Kevin Reid
3
15/04/17
Allow full display and interaction with Html Emails
yep, that worked, thanks On Friday, 14 April 2017 18:05:58 UTC+1, Kevin Reid wrote: On Fri, Apr 14,
da leggere,
Allow full display and interaction with Html Emails
yep, that worked, thanks On Friday, 14 April 2017 18:05:58 UTC+1, Kevin Reid wrote: On Fri, Apr 14,
15/04/17
Vinod Patel
,
Kevin Reid
2
13/04/17
Add third party scripts to guest code.
On Thu, Apr 13, 2017 at 4:39 AM, Vinod Patel <vinodpa...@gmail.com> wrote: is it possible
da leggere,
Add third party scripts to guest code.
On Thu, Apr 13, 2017 at 4:39 AM, Vinod Patel <vinodpa...@gmail.com> wrote: is it possible
13/04/17
Tapan Anand
,
Kevin Reid
3
23/03/17
Do iframes with src still work in Caja?
Awesome! Thanks :) On Thursday, 23 March 2017 21:30:20 UTC+5:30, Kevin Reid wrote: On Thu, Mar 23,
da leggere,
Do iframes with src still work in Caja?
Awesome! Thanks :) On Thursday, 23 March 2017 21:30:20 UTC+5:30, Kevin Reid wrote: On Thu, Mar 23,
23/03/17
Mike Stay
, …
David Bruant
3
17/03/17
Does ECMAScript2015's "import" keyword provide ambient authority to the filesystem?
Le 17/03/2017 à 03:57, 'Mark S. Miller' via Google Caja Discuss a écrit : [+lots] The current
da leggere,
Does ECMAScript2015's "import" keyword provide ambient authority to the filesystem?
Le 17/03/2017 à 03:57, 'Mark S. Miller' via Google Caja Discuss a écrit : [+lots] The current
17/03/17
Mike Stay
2
06/10/16
Example code for SES?
Accidentally hit send. On Thu, Oct 6, 2016 at 2:53 PM, Mike Stay <meta...@gmail.com> wrote:
da leggere,
Example code for SES?
Accidentally hit send. On Thu, Oct 6, 2016 at 2:53 PM, Mike Stay <meta...@gmail.com> wrote:
06/10/16
Kevin Reid
01/06/16
Caja security advisory 2016-05-31
## Background For applications which used the Google API tamings (not enabled by default), the taming
da leggere,
Caja security advisory 2016-05-31
## Background For applications which used the Google API tamings (not enabled by default), the taming
01/06/16
re...@codereview-hr.appspotmail.com
,
fel...@gmail.com
2
31/05/16
Update Selenium to 2.53.0. (issue 300240043 by kpreid@google.com)
lgtm https://codereview.appspot.com/300240043/
da leggere,
Update Selenium to 2.53.0. (issue 300240043 by kpreid@google.com)
lgtm https://codereview.appspot.com/300240043/
31/05/16
re...@codereview-hr.appspotmail.com
,
eri...@gmail.com
2
27/05/16
Fix ses.funcLike protection against non-identifier names. (issue 301810043 by kpreid@google.com)
LGTM https://codereview.appspot.com/301810043/
da leggere,
Fix ses.funcLike protection against non-identifier names. (issue 301810043 by kpreid@google.com)
LGTM https://codereview.appspot.com/301810043/
27/05/16
Lukas Bombach
,
Kevin Reid
4
26/05/16
Can Caja still be used in production?
On Tue, May 24, 2016 at 3:48 AM, 'Lukas Bombach' via Google Caja Discuss <google-caja-
da leggere,
Can Caja still be used in production?
On Tue, May 24, 2016 at 3:48 AM, 'Lukas Bombach' via Google Caja Discuss <google-caja-
26/05/16
Kevin Reid
02/05/16
Re: [Caja] How to pass HTML/JS data from DB to caja
On Sat, Apr 30, 2016 at 2:44 PM, eqSan <mehra...@gmail.com> wrote: I'm trying to call
da leggere,
Re: [Caja] How to pass HTML/JS data from DB to caja
On Sat, Apr 30, 2016 at 2:44 PM, eqSan <mehra...@gmail.com> wrote: I'm trying to call
02/05/16