thank you for last replay.
so the .JS client post the escape html content (an advertisement content) to
asp.net server side.
the server store the content in xxx1.txt file,
the CAJA spouse to get the text from xxx1.txt and load it to guest.
the way i make the call from caja to the .txt is having the same file name,
so xxx1.html (with caja) call xxx1.txt (on same path)
caja.load(document.getElementById('guest'), undefined, function(frame) {
frame.code(document.location.href.replace(/\.[^/.]+$/, ".txt"),
'text/html')
.run();
});
ad-Right-1-10500840416-180x700.html
ad-Right-1-10500840416-180x700.txt
---------------------------------------------------------------
so at the moment i unescape from the server... rusher then on client, as well i havent checked if caja filter escape content.. (case unescape it after caja run...)