Groups
Conversations
All groups and messages
Send feedback to Google
Help
Training
Sign in
Groups
Google Caja Discuss
Conversations
About
Groups keyboard shortcuts have been updated
Dismiss
See shortcuts
Google Caja Discuss
Contact owners and managers
1–30 of 10391
Mark all as read
Report group
0 selected
Mike Power
, …
Mark S. Miller
4
1/14/20
Caja performance recommendations
Well since the broad conclusion is not caja, and there are a great many ses discussions regarding
unread,
Caja performance recommendations
Well since the broad conclusion is not caja, and there are a great many ses discussions regarding
1/14/20
Kevin Reid
6/6/19
Caja Security Advisory 2019-06-06
## Background When guest HTML contains an element that is not permitted by Caja's whitelist, it
unread,
Caja Security Advisory 2019-06-06
## Background When guest HTML contains an element that is not permitted by Caja's whitelist, it
6/6/19
Mark Miller
,
Kevin Reid
3
1/16/19
Public disclosure of responsibly disclosed SES bugs
That's a good point. I missed that. Yes, if the mandatory parse rejects template strings, I don
unread,
Public disclosure of responsibly disclosed SES bugs
That's a good point. I missed that. Yes, if the mandatory parse rejects template strings, I don
1/16/19
Yehonathan Sharvit
, …
Mark Miller
16
1/13/19
sanitized eval with Caja
Hi Yehonathan, I have gone through the public issues at https://github.com/Agoric/SES/issues , filed
unread,
sanitized eval with Caja
Hi Yehonathan, I have gone through the public issues at https://github.com/Agoric/SES/issues , filed
1/13/19
Mike Stay
,
Mark Miller
6
1/9/19
Status of other sources of SES?
Neither Agoric nor Salesforce are likely to invest effort backporting fixes into original-SES. I
unread,
Status of other sources of SES?
Neither Agoric nor Salesforce are likely to invest effort backporting fixes into original-SES. I
1/9/19
Mark Miller
12/3/18
POLA Would Have Prevented the Event-Stream Incident
The npm / event-stream incident is the perfect teaching moment for POLA (Principle of Least Authority
unread,
POLA Would Have Prevented the Event-Stream Incident
The npm / event-stream incident is the perfect teaching moment for POLA (Principle of Least Authority
12/3/18
Michael FIG
10/30/18
Strawman: defending from deep recursion and long loops
Hi, I have a simple browser test set up at: https://michaelfig.github.io/caja/exhaust.html I don'
unread,
Strawman: defending from deep recursion and long loops
Hi, I have a simple browser test set up at: https://michaelfig.github.io/caja/exhaust.html I don'
10/30/18
Michael FIG
, …
Mark Miller
7
10/16/18
Defending from long-running or infinite loops
On Mon, Oct 15, 2018 at 7:15 PM Michael FIG <kekit...@gmail.com> wrote: I think I will also
unread,
Defending from long-running or infinite loops
On Mon, Oct 15, 2018 at 7:15 PM Michael FIG <kekit...@gmail.com> wrote: I think I will also
10/16/18
Kevin Reid
4/2/18
Caja Security Advisory 2018-04-02
## Background Caja contains an optional feature, in the deprecated ES5/3 mode, to allow embedding
unread,
Caja Security Advisory 2018-04-02
## Background Caja contains an optional feature, in the deprecated ES5/3 mode, to allow embedding
4/2/18
Marc H
, …
Mike Stay
9
2/12/18
Script inclusion error
For the specific case of Math, you could shadow the real Math object with an object that merely
unread,
Script inclusion error
For the specific case of Math, you could shadow the real Math object with an object that merely
2/12/18
Marc H
,
Kevin Reid
2
2/9/18
Dynamic guest page embedding
On Fri, Feb 9, 2018 at 12:32 PM, Marc H <zappy...@gmail.com> wrote: I am trying to use Caja
unread,
Dynamic guest page embedding
On Fri, Feb 9, 2018 at 12:32 PM, Marc H <zappy...@gmail.com> wrote: I am trying to use Caja
2/9/18
Kevin Reid
11/14/17
Caja Security Advisory 2017-11-14
## Background Browsers have recently added new language features which allow executing code from a
unread,
Caja Security Advisory 2017-11-14
## Background Browsers have recently added new language features which allow executing code from a
11/14/17
Mark Miller
3
11/4/17
WASM and ocaps
On these lists, sometimes we cross-post when introducing a topic but then announce that further
unread,
WASM and ocaps
On these lists, sometimes we cross-post when introducing a topic but then announce that further
11/4/17
My Routes
,
Kevin Reid
2
11/3/17
Feature request: add 'allow-geolocation' to IFRAME sandbox mode in HtmlService
On Wed, Nov 1, 2017 at 8:20 AM, My Routes <myro...@gmail.com> wrote: In order for a cross-
unread,
Feature request: add 'allow-geolocation' to IFRAME sandbox mode in HtmlService
On Wed, Nov 1, 2017 at 8:20 AM, My Routes <myro...@gmail.com> wrote: In order for a cross-
11/3/17
jwi...@lifelink.com
, …
Mike Stay
4
8/23/17
Syntax error when following example code
In particular, there's this snippet: ------------------- Running guest JavaScript from content
unread,
Syntax error when following example code
In particular, there's this snippet: ------------------- Running guest JavaScript from content
8/23/17
Doug Koellmer
, …
Mike Stay
13
5/25/17
Reusing DIVs.
As far as destroying an interval goes, you can replace the existing setInterval function before
unread,
Reusing DIVs.
As far as destroying an interval goes, you can replace the existing setInterval function before
5/25/17
Mark S. Miller
5/3/17
CFP: OCAP 2017, Object-Capability Languages, Systems, and Applications
http://conf.researchr.org/track/ocap-2017/ocap-2017#Call-for-Presentations Call for Presentations The
unread,
CFP: OCAP 2017, Object-Capability Languages, Systems, and Applications
http://conf.researchr.org/track/ocap-2017/ocap-2017#Call-for-Presentations Call for Presentations The
5/3/17
o x
,
Kevin Reid
3
5/2/17
load caja from iframes and load the caja lib ones in window.parent.caja
thank you Kevin Reid! that did the the trick :) On Tuesday, May 2, 2017 at 11:50:02 PM UTC+7, Kevin
unread,
load caja from iframes and load the caja lib ones in window.parent.caja
thank you Kevin Reid! that did the the trick :) On Tuesday, May 2, 2017 at 11:50:02 PM UTC+7, Kevin
5/2/17
o x
,
Kevin Reid
6
5/2/17
how to unescape the content of guest before run?
ok thank you On Tuesday, May 2, 2017 at 11:17:54 PM UTC+7, Kevin Reid wrote: You'll have to
unread,
how to unescape the content of guest before run?
ok thank you On Tuesday, May 2, 2017 at 11:17:54 PM UTC+7, Kevin Reid wrote: You'll have to
5/2/17
felbus
,
Kevin Reid
3
4/19/17
allow base64 data uri
ok thanks, ill take a look.. On Monday, 17 April 2017 17:46:01 UTC+1, Kevin Reid wrote: On Mon, Apr
unread,
allow base64 data uri
ok thanks, ill take a look.. On Monday, 17 April 2017 17:46:01 UTC+1, Kevin Reid wrote: On Mon, Apr
4/19/17
felbus
,
Kevin Reid
3
4/15/17
Allow full display and interaction with Html Emails
yep, that worked, thanks On Friday, 14 April 2017 18:05:58 UTC+1, Kevin Reid wrote: On Fri, Apr 14,
unread,
Allow full display and interaction with Html Emails
yep, that worked, thanks On Friday, 14 April 2017 18:05:58 UTC+1, Kevin Reid wrote: On Fri, Apr 14,
4/15/17
Vinod Patel
,
Kevin Reid
2
4/13/17
Add third party scripts to guest code.
On Thu, Apr 13, 2017 at 4:39 AM, Vinod Patel <vinodpa...@gmail.com> wrote: is it possible
unread,
Add third party scripts to guest code.
On Thu, Apr 13, 2017 at 4:39 AM, Vinod Patel <vinodpa...@gmail.com> wrote: is it possible
4/13/17
Tapan Anand
,
Kevin Reid
3
3/23/17
Do iframes with src still work in Caja?
Awesome! Thanks :) On Thursday, 23 March 2017 21:30:20 UTC+5:30, Kevin Reid wrote: On Thu, Mar 23,
unread,
Do iframes with src still work in Caja?
Awesome! Thanks :) On Thursday, 23 March 2017 21:30:20 UTC+5:30, Kevin Reid wrote: On Thu, Mar 23,
3/23/17
Mike Stay
, …
David Bruant
3
3/17/17
Does ECMAScript2015's "import" keyword provide ambient authority to the filesystem?
Le 17/03/2017 à 03:57, 'Mark S. Miller' via Google Caja Discuss a écrit : [+lots] The current
unread,
Does ECMAScript2015's "import" keyword provide ambient authority to the filesystem?
Le 17/03/2017 à 03:57, 'Mark S. Miller' via Google Caja Discuss a écrit : [+lots] The current
3/17/17
Mike Stay
2
10/6/16
Example code for SES?
Accidentally hit send. On Thu, Oct 6, 2016 at 2:53 PM, Mike Stay <meta...@gmail.com> wrote:
unread,
Example code for SES?
Accidentally hit send. On Thu, Oct 6, 2016 at 2:53 PM, Mike Stay <meta...@gmail.com> wrote:
10/6/16
Kevin Reid
6/1/16
Caja security advisory 2016-05-31
## Background For applications which used the Google API tamings (not enabled by default), the taming
unread,
Caja security advisory 2016-05-31
## Background For applications which used the Google API tamings (not enabled by default), the taming
6/1/16
re...@codereview-hr.appspotmail.com
,
fel...@gmail.com
2
5/31/16
Update Selenium to 2.53.0. (issue 300240043 by kpreid@google.com)
lgtm https://codereview.appspot.com/300240043/
unread,
Update Selenium to 2.53.0. (issue 300240043 by kpreid@google.com)
lgtm https://codereview.appspot.com/300240043/
5/31/16
re...@codereview-hr.appspotmail.com
,
eri...@gmail.com
2
5/27/16
Fix ses.funcLike protection against non-identifier names. (issue 301810043 by kpreid@google.com)
LGTM https://codereview.appspot.com/301810043/
unread,
Fix ses.funcLike protection against non-identifier names. (issue 301810043 by kpreid@google.com)
LGTM https://codereview.appspot.com/301810043/
5/27/16
Lukas Bombach
,
Kevin Reid
4
5/26/16
Can Caja still be used in production?
On Tue, May 24, 2016 at 3:48 AM, 'Lukas Bombach' via Google Caja Discuss <google-caja-
unread,
Can Caja still be used in production?
On Tue, May 24, 2016 at 3:48 AM, 'Lukas Bombach' via Google Caja Discuss <google-caja-
5/26/16
Kevin Reid
5/2/16
Re: [Caja] How to pass HTML/JS data from DB to caja
On Sat, Apr 30, 2016 at 2:44 PM, eqSan <mehra...@gmail.com> wrote: I'm trying to call
unread,
Re: [Caja] How to pass HTML/JS data from DB to caja
On Sat, Apr 30, 2016 at 2:44 PM, eqSan <mehra...@gmail.com> wrote: I'm trying to call
5/2/16