Grupper
Logga in
Grupper
Google Caja Discuss
Konversationer
Om
Skicka feedback
Hjälp
Google Caja Discuss
Kontakta ägare och ansvariga
1–30 av 10391
Markera alla som lästa
Rapportera gruppen
0 har valts
Mike Power
, …
Mark S. Miller
4
2020-01-14
Caja performance recommendations
Well since the broad conclusion is not caja, and there are a great many ses discussions regarding
oläst,
Caja performance recommendations
Well since the broad conclusion is not caja, and there are a great many ses discussions regarding
2020-01-14
Kevin Reid
2019-06-06
Caja Security Advisory 2019-06-06
## Background When guest HTML contains an element that is not permitted by Caja's whitelist, it
oläst,
Caja Security Advisory 2019-06-06
## Background When guest HTML contains an element that is not permitted by Caja's whitelist, it
2019-06-06
Mark Miller
,
Kevin Reid
3
2019-01-16
Public disclosure of responsibly disclosed SES bugs
That's a good point. I missed that. Yes, if the mandatory parse rejects template strings, I don
oläst,
Public disclosure of responsibly disclosed SES bugs
That's a good point. I missed that. Yes, if the mandatory parse rejects template strings, I don
2019-01-16
Yehonathan Sharvit
, …
Mark Miller
16
2019-01-13
sanitized eval with Caja
Hi Yehonathan, I have gone through the public issues at https://github.com/Agoric/SES/issues , filed
oläst,
sanitized eval with Caja
Hi Yehonathan, I have gone through the public issues at https://github.com/Agoric/SES/issues , filed
2019-01-13
Mike Stay
,
Mark Miller
6
2019-01-09
Status of other sources of SES?
Neither Agoric nor Salesforce are likely to invest effort backporting fixes into original-SES. I
oläst,
Status of other sources of SES?
Neither Agoric nor Salesforce are likely to invest effort backporting fixes into original-SES. I
2019-01-09
Mark Miller
2018-12-03
POLA Would Have Prevented the Event-Stream Incident
The npm / event-stream incident is the perfect teaching moment for POLA (Principle of Least Authority
oläst,
POLA Would Have Prevented the Event-Stream Incident
The npm / event-stream incident is the perfect teaching moment for POLA (Principle of Least Authority
2018-12-03
Michael FIG
2018-10-30
Strawman: defending from deep recursion and long loops
Hi, I have a simple browser test set up at: https://michaelfig.github.io/caja/exhaust.html I don'
oläst,
Strawman: defending from deep recursion and long loops
Hi, I have a simple browser test set up at: https://michaelfig.github.io/caja/exhaust.html I don'
2018-10-30
Michael FIG
, …
Mark Miller
7
2018-10-16
Defending from long-running or infinite loops
On Mon, Oct 15, 2018 at 7:15 PM Michael FIG <kekit...@gmail.com> wrote: I think I will also
oläst,
Defending from long-running or infinite loops
On Mon, Oct 15, 2018 at 7:15 PM Michael FIG <kekit...@gmail.com> wrote: I think I will also
2018-10-16
Kevin Reid
2018-04-02
Caja Security Advisory 2018-04-02
## Background Caja contains an optional feature, in the deprecated ES5/3 mode, to allow embedding
oläst,
Caja Security Advisory 2018-04-02
## Background Caja contains an optional feature, in the deprecated ES5/3 mode, to allow embedding
2018-04-02
Marc H
, …
Mike Stay
9
2018-02-12
Script inclusion error
For the specific case of Math, you could shadow the real Math object with an object that merely
oläst,
Script inclusion error
For the specific case of Math, you could shadow the real Math object with an object that merely
2018-02-12
Marc H
,
Kevin Reid
2
2018-02-09
Dynamic guest page embedding
On Fri, Feb 9, 2018 at 12:32 PM, Marc H <zappy...@gmail.com> wrote: I am trying to use Caja
oläst,
Dynamic guest page embedding
On Fri, Feb 9, 2018 at 12:32 PM, Marc H <zappy...@gmail.com> wrote: I am trying to use Caja
2018-02-09
Kevin Reid
2017-11-14
Caja Security Advisory 2017-11-14
## Background Browsers have recently added new language features which allow executing code from a
oläst,
Caja Security Advisory 2017-11-14
## Background Browsers have recently added new language features which allow executing code from a
2017-11-14
Mark Miller
3
2017-11-04
WASM and ocaps
On these lists, sometimes we cross-post when introducing a topic but then announce that further
oläst,
WASM and ocaps
On these lists, sometimes we cross-post when introducing a topic but then announce that further
2017-11-04
My Routes
,
Kevin Reid
2
2017-11-03
Feature request: add 'allow-geolocation' to IFRAME sandbox mode in HtmlService
On Wed, Nov 1, 2017 at 8:20 AM, My Routes <myro...@gmail.com> wrote: In order for a cross-
oläst,
Feature request: add 'allow-geolocation' to IFRAME sandbox mode in HtmlService
On Wed, Nov 1, 2017 at 8:20 AM, My Routes <myro...@gmail.com> wrote: In order for a cross-
2017-11-03
jwi...@lifelink.com
, …
Mike Stay
4
2017-08-23
Syntax error when following example code
In particular, there's this snippet: ------------------- Running guest JavaScript from content
oläst,
Syntax error when following example code
In particular, there's this snippet: ------------------- Running guest JavaScript from content
2017-08-23
Doug Koellmer
, …
Mike Stay
13
2017-05-25
Reusing DIVs.
As far as destroying an interval goes, you can replace the existing setInterval function before
oläst,
Reusing DIVs.
As far as destroying an interval goes, you can replace the existing setInterval function before
2017-05-25
Mark S. Miller
2017-05-03
CFP: OCAP 2017, Object-Capability Languages, Systems, and Applications
http://conf.researchr.org/track/ocap-2017/ocap-2017#Call-for-Presentations Call for Presentations The
oläst,
CFP: OCAP 2017, Object-Capability Languages, Systems, and Applications
http://conf.researchr.org/track/ocap-2017/ocap-2017#Call-for-Presentations Call for Presentations The
2017-05-03
o x
,
Kevin Reid
3
2017-05-02
load caja from iframes and load the caja lib ones in window.parent.caja
thank you Kevin Reid! that did the the trick :) On Tuesday, May 2, 2017 at 11:50:02 PM UTC+7, Kevin
oläst,
load caja from iframes and load the caja lib ones in window.parent.caja
thank you Kevin Reid! that did the the trick :) On Tuesday, May 2, 2017 at 11:50:02 PM UTC+7, Kevin
2017-05-02
o x
,
Kevin Reid
6
2017-05-02
how to unescape the content of guest before run?
ok thank you On Tuesday, May 2, 2017 at 11:17:54 PM UTC+7, Kevin Reid wrote: You'll have to
oläst,
how to unescape the content of guest before run?
ok thank you On Tuesday, May 2, 2017 at 11:17:54 PM UTC+7, Kevin Reid wrote: You'll have to
2017-05-02
felbus
,
Kevin Reid
3
2017-04-19
allow base64 data uri
ok thanks, ill take a look.. On Monday, 17 April 2017 17:46:01 UTC+1, Kevin Reid wrote: On Mon, Apr
oläst,
allow base64 data uri
ok thanks, ill take a look.. On Monday, 17 April 2017 17:46:01 UTC+1, Kevin Reid wrote: On Mon, Apr
2017-04-19
felbus
,
Kevin Reid
3
2017-04-15
Allow full display and interaction with Html Emails
yep, that worked, thanks On Friday, 14 April 2017 18:05:58 UTC+1, Kevin Reid wrote: On Fri, Apr 14,
oläst,
Allow full display and interaction with Html Emails
yep, that worked, thanks On Friday, 14 April 2017 18:05:58 UTC+1, Kevin Reid wrote: On Fri, Apr 14,
2017-04-15
Vinod Patel
,
Kevin Reid
2
2017-04-13
Add third party scripts to guest code.
On Thu, Apr 13, 2017 at 4:39 AM, Vinod Patel <vinodpa...@gmail.com> wrote: is it possible
oläst,
Add third party scripts to guest code.
On Thu, Apr 13, 2017 at 4:39 AM, Vinod Patel <vinodpa...@gmail.com> wrote: is it possible
2017-04-13
Tapan Anand
,
Kevin Reid
3
2017-03-23
Do iframes with src still work in Caja?
Awesome! Thanks :) On Thursday, 23 March 2017 21:30:20 UTC+5:30, Kevin Reid wrote: On Thu, Mar 23,
oläst,
Do iframes with src still work in Caja?
Awesome! Thanks :) On Thursday, 23 March 2017 21:30:20 UTC+5:30, Kevin Reid wrote: On Thu, Mar 23,
2017-03-23
Mike Stay
, …
David Bruant
3
2017-03-17
Does ECMAScript2015's "import" keyword provide ambient authority to the filesystem?
Le 17/03/2017 à 03:57, 'Mark S. Miller' via Google Caja Discuss a écrit : [+lots] The current
oläst,
Does ECMAScript2015's "import" keyword provide ambient authority to the filesystem?
Le 17/03/2017 à 03:57, 'Mark S. Miller' via Google Caja Discuss a écrit : [+lots] The current
2017-03-17
Mike Stay
2
2016-10-06
Example code for SES?
Accidentally hit send. On Thu, Oct 6, 2016 at 2:53 PM, Mike Stay <meta...@gmail.com> wrote:
oläst,
Example code for SES?
Accidentally hit send. On Thu, Oct 6, 2016 at 2:53 PM, Mike Stay <meta...@gmail.com> wrote:
2016-10-06
Kevin Reid
2016-06-01
Caja security advisory 2016-05-31
## Background For applications which used the Google API tamings (not enabled by default), the taming
oläst,
Caja security advisory 2016-05-31
## Background For applications which used the Google API tamings (not enabled by default), the taming
2016-06-01
re...@codereview-hr.appspotmail.com
,
fel...@gmail.com
2
2016-05-31
Update Selenium to 2.53.0. (issue 300240043 by kpreid@google.com)
lgtm https://codereview.appspot.com/300240043/
oläst,
Update Selenium to 2.53.0. (issue 300240043 by kpreid@google.com)
lgtm https://codereview.appspot.com/300240043/
2016-05-31
re...@codereview-hr.appspotmail.com
,
eri...@gmail.com
2
2016-05-27
Fix ses.funcLike protection against non-identifier names. (issue 301810043 by kpreid@google.com)
LGTM https://codereview.appspot.com/301810043/
oläst,
Fix ses.funcLike protection against non-identifier names. (issue 301810043 by kpreid@google.com)
LGTM https://codereview.appspot.com/301810043/
2016-05-27
Lukas Bombach
,
Kevin Reid
4
2016-05-26
Can Caja still be used in production?
On Tue, May 24, 2016 at 3:48 AM, 'Lukas Bombach' via Google Caja Discuss <google-caja-
oläst,
Can Caja still be used in production?
On Tue, May 24, 2016 at 3:48 AM, 'Lukas Bombach' via Google Caja Discuss <google-caja-
2016-05-26
Kevin Reid
2016-05-02
Re: [Caja] How to pass HTML/JS data from DB to caja
On Sat, Apr 30, 2016 at 2:44 PM, eqSan <mehra...@gmail.com> wrote: I'm trying to call
oläst,
Re: [Caja] How to pass HTML/JS data from DB to caja
On Sat, Apr 30, 2016 at 2:44 PM, eqSan <mehra...@gmail.com> wrote: I'm trying to call
2016-05-02