Google Caja Discuss

Well since the broad conclusion is not caja, and there are a great many ses discussions regarding

## Background When guest HTML contains an element that is not permitted by Caja's whitelist, it

That's a good point. I missed that. Yes, if the mandatory parse rejects template strings, I don

Hi Yehonathan, I have gone through the public issues at https://github.com/Agoric/SES/issues , filed

Neither Agoric nor Salesforce are likely to invest effort backporting fixes into original-SES. I

The npm / event-stream incident is the perfect teaching moment for POLA (Principle of Least Authority

Hi, I have a simple browser test set up at: https://michaelfig.github.io/caja/exhaust.html I don'

On Mon, Oct 15, 2018 at 7:15 PM Michael FIG <kekit...@gmail.com> wrote: I think I will also

## Background Caja contains an optional feature, in the deprecated ES5/3 mode, to allow embedding

For the specific case of Math, you could shadow the real Math object with an object that merely

On Fri, Feb 9, 2018 at 12:32 PM, Marc H <zappy...@gmail.com> wrote: I am trying to use Caja

## Background Browsers have recently added new language features which allow executing code from a

On these lists, sometimes we cross-post when introducing a topic but then announce that further

On Wed, Nov 1, 2017 at 8:20 AM, My Routes <myro...@gmail.com> wrote: In order for a cross-

In particular, there's this snippet: ------------------- Running guest JavaScript from content

As far as destroying an interval goes, you can replace the existing setInterval function before

http://conf.researchr.org/track/ocap-2017/ocap-2017#Call-for-Presentations Call for Presentations The

thank you Kevin Reid! that did the the trick :) On Tuesday, May 2, 2017 at 11:50:02 PM UTC+7, Kevin

ok thank you On Tuesday, May 2, 2017 at 11:17:54 PM UTC+7, Kevin Reid wrote: You'll have to

ok thanks, ill take a look.. On Monday, 17 April 2017 17:46:01 UTC+1, Kevin Reid wrote: On Mon, Apr

yep, that worked, thanks On Friday, 14 April 2017 18:05:58 UTC+1, Kevin Reid wrote: On Fri, Apr 14,

On Thu, Apr 13, 2017 at 4:39 AM, Vinod Patel <vinodpa...@gmail.com> wrote: is it possible

Awesome! Thanks :) On Thursday, 23 March 2017 21:30:20 UTC+5:30, Kevin Reid wrote: On Thu, Mar 23,

Le 17/03/2017 à 03:57, 'Mark S. Miller' via Google Caja Discuss a écrit : [+lots] The current

Accidentally hit send. On Thu, Oct 6, 2016 at 2:53 PM, Mike Stay <meta...@gmail.com> wrote:

## Background For applications which used the Google API tamings (not enabled by default), the taming

lgtm https://codereview.appspot.com/300240043/

LGTM https://codereview.appspot.com/301810043/

On Tue, May 24, 2016 at 3:48 AM, 'Lukas Bombach' via Google Caja Discuss <google-caja-

On Sat, Apr 30, 2016 at 2:44 PM, eqSan <mehra...@gmail.com> wrote: I'm trying to call