
Thursday, October 29th, 2009

YUI 2.8.0 now Caja compliant

Category: Library, Security

Caja is one of the most promising attempts to deliver secure web applications that are not prone to the attacks that normal JavaScript solutions, sadly enough, allow. Let’s face it: global variables and the lack of sandboxed environments, in addition to the fun that is browser security holes, make the web as it stands now quite hard to secure.

The problem with Caja is that it is quite troublesome to get your head around. Caja pre-processes web content (HTML, CSS and JavaScript) and converts it to something really unreadable but very secure. Practices that are insecure but have become quite common are rightfully flagged as errors and fail to compile. This reminds me of Netscape 4.x rightfully not rendering tables that weren’t closed or Netscape 6 not supporting document.all any more – the response from developers was outrage as we are happy to write “convenient” code.

The way around a lot of browser bugs and implementation funnies (see John Resig’s talk “The DOM is a Mess” for a deep dive on that) is libraries. All the different JavaScript libraries – Dojo, MooTools, jQuery, YUI… – first and foremost want to make our lives easier by making browsers behave. That’s cool and all, but the problem is that the libraries themselves are not Caja compliant.

Yahoo’s new application platform YAP, which allows you to run small apps in My Yahoo and on the Yahoo homepage, uses Caja, so there was an immediate need to make YUI work. The YUI team and the YAP engineers put their heads down and have now announced that YUI has been cleaned up and made compatible.

As Caja doesn’t allow scripts with a src inside a container, this restriction has been lifted for the official YUI locations. Read more details about the changes to YUI on the YDN blog; here are the links to the docs and the forum, where I’d encourage you to report any bugs you find:

This is a great step towards secure apps that can be built easily. There were a few earlier attempts to “fix” Prototype to become Caja compliant and I would love that to come to fruition. Furthermore, a Caja compliant jQuery and MooTools would rock, too. The official whitelisted endpoint for inclusion could be the Google Ajax Libraries API.

Posted by Chris Heilmann at 11:48 am

Comments

There were a few earlier attempts to “fix” Prototype to become Caja compliant and I would love that to come to fruition.

These earlier attempts gave birth to Valija. Full Caja-compliance is still a work in progress. Stay tuned.

Comment by tobielangel — October 29, 2009

Thanks
Excellent and helpful

Comment by Aphrodisiac — January 22, 2010
