翻訳と辞書 |
Caja project : ウィキペディア英語版 | Caja (pronounced )(Note about pronunciation ), October 2007. is a Google project and a JavaScript implementation for "virtual iframes" based on the principles of object-capabilities. Caja takes JavaScript (technically, ECMAScript 5 strict mode code), HTML, and CSS input and rewrites it into a safe subset of HTML and CSS, plus a single JavaScript function with no free variables. That means the only way such a function can modify an object is if it is given a reference to the object by the host page. Instead of giving direct references to DOM objects, the host page typically gives references to wrappers that sanitize HTML, proxy URLs, and prevent redirecting the page; this allows Caja to prevent certain phishing attacks, prevent cross-site scripting attacks, and prevent downloading malware. Also, since all rewritten programs run in the same frame, the host page can allow one program to export an object reference to another program; then inter-frame communication is simply method invocation.The word "caja" is Spanish for "box" or "safe" (as in a bank), the idea being that Caja can safely contain JavaScript programs as well as being a capabilities-based JavaScript.Caja is currently used by Google in its Orkut,(orkut Developer Blog: Caja Available on orkut ), 2010/03/09, retrieved 2010/04/21 Google Sites,(Insert custom HTML, CSS, and Javascript ), retrieved 2012/04/16 and Google Apps Script(Html Service: Caja Sanitization ) 2013/06/28, retrieved 2013/07/25 products; in 2008 MySpace(MySpace: Caja JavaScript scrubbing ready for prime time ), 2008/02/04, retrieved 2008/06/08(Tim Oren's Due Diligence: Web 2.0 Investors: Pay Attention To Caja ), 2008/04/11, retrieved 2008/06/08 and Yahoo!(OpenSocial API Blog: Launched: Yahoo!'s First Implementation of OpenSocial Support ), 2008/10/28, retrieved 2008/11/15 had both deployed a very early version of Caja but later abandoned it.== See also ==* Joe-E, an object-capability subset of Java* E Caja (pronounced )〔(Note about pronunciation ), October 2007.〕 is a Google project and a JavaScript implementation for "virtual iframes" based on the principles of object-capabilities. Caja takes JavaScript (technically, ECMAScript 5 strict mode code), HTML, and CSS input and rewrites it into a safe subset of HTML and CSS, plus a single JavaScript function with no free variables. That means the only way such a function can modify an object is if it is given a reference to the object by the host page. Instead of giving direct references to DOM objects, the host page typically gives references to wrappers that sanitize HTML, proxy URLs, and prevent redirecting the page; this allows Caja to prevent certain phishing attacks, prevent cross-site scripting attacks, and prevent downloading malware. Also, since all rewritten programs run in the same frame, the host page can allow one program to export an object reference to another program; then inter-frame communication is simply method invocation. The word "caja" is Spanish for "box" or "safe" (as in a bank), the idea being that Caja can safely contain JavaScript programs as well as being a capabilities-based JavaScript. Caja is currently used by Google in its Orkut,〔(orkut Developer Blog: Caja Available on orkut ), 2010/03/09, retrieved 2010/04/21〕 Google Sites,〔(Insert custom HTML, CSS, and Javascript ), retrieved 2012/04/16〕 and Google Apps Script〔(Html Service: Caja Sanitization ) 2013/06/28, retrieved 2013/07/25〕 products; in 2008 MySpace〔(MySpace: Caja JavaScript scrubbing ready for prime time ), 2008/02/04, retrieved 2008/06/08〕〔(Tim Oren's Due Diligence: Web 2.0 Investors: Pay Attention To Caja ), 2008/04/11, retrieved 2008/06/08〕 and Yahoo!〔(OpenSocial API Blog: Launched: Yahoo!'s First Implementation of OpenSocial Support ), 2008/10/28, retrieved 2008/11/15〕 had both deployed a very early version of Caja but later abandoned it. == See also ==
* Joe-E, an object-capability subset of Java * E
抄文引用元・出典: フリー百科事典『 capabilities-based JavaScript.Caja is currently used by Google in its Orkut,(orkut Developer Blog: Caja Available on orkut ), 2010/03/09, retrieved 2010/04/21 Google Sites,(Insert custom HTML, CSS, and Javascript ), retrieved 2012/04/16 and Google Apps Script(Html Service: Caja Sanitization ) 2013/06/28, retrieved 2013/07/25 products; in 2008 MySpace(MySpace: Caja JavaScript scrubbing ready for prime time ), 2008/02/04, retrieved 2008/06/08(Tim Oren's Due Diligence: Web 2.0 Investors: Pay Attention To Caja ), 2008/04/11, retrieved 2008/06/08 and Yahoo!(OpenSocial API Blog: Launched: Yahoo!'s First Implementation of OpenSocial Support ), 2008/10/28, retrieved 2008/11/15 had both deployed a very early version of Caja but later abandoned it.== See also ==* Joe-E, an object-capability subset of Java* E">ウィキペディア(Wikipedia)』 ■capabilities-based JavaScript.Caja is currently used by Google in its Orkut,(orkut Developer Blog: Caja Available on orkut ), 2010/03/09, retrieved 2010/04/21 Google Sites,(Insert custom HTML, CSS, and Javascript ), retrieved 2012/04/16 and Google Apps Script(Html Service: Caja Sanitization ) 2013/06/28, retrieved 2013/07/25 products; in 2008 MySpace(MySpace: Caja JavaScript scrubbing ready for prime time ), 2008/02/04, retrieved 2008/06/08(Tim Oren's Due Diligence: Web 2.0 Investors: Pay Attention To Caja ), 2008/04/11, retrieved 2008/06/08 and Yahoo!(OpenSocial API Blog: Launched: Yahoo!'s First Implementation of OpenSocial Support ), 2008/10/28, retrieved 2008/11/15 had both deployed a very early version of Caja but later abandoned it.== See also ==* Joe-E, an object-capability subset of Java* E">ウィキペディアで「Caja (pronounced )(Note about pronunciation ), October 2007. is a Google project and a JavaScript implementation for "virtual iframes" based on the principles of object-capabilities. Caja takes JavaScript (technically, ECMAScript 5 strict mode code), HTML, and CSS input and rewrites it into a safe subset of HTML and CSS, plus a single JavaScript function with no free variables. That means the only way such a function can modify an object is if it is given a reference to the object by the host page. Instead of giving direct references to DOM objects, the host page typically gives references to wrappers that sanitize HTML, proxy URLs, and prevent redirecting the page; this allows Caja to prevent certain phishing attacks, prevent cross-site scripting attacks, and prevent downloading malware. Also, since all rewritten programs run in the same frame, the host page can allow one program to export an object reference to another program; then inter-frame communication is simply method invocation.The word "caja" is Spanish for "box" or "safe" (as in a bank), the idea being that Caja can safely contain JavaScript programs as well as being a capabilities-based JavaScript.Caja is currently used by Google in its Orkut,(orkut Developer Blog: Caja Available on orkut ), 2010/03/09, retrieved 2010/04/21 Google Sites,(Insert custom HTML, CSS, and Javascript ), retrieved 2012/04/16 and Google Apps Script(Html Service: Caja Sanitization ) 2013/06/28, retrieved 2013/07/25 products; in 2008 MySpace(MySpace: Caja JavaScript scrubbing ready for prime time ), 2008/02/04, retrieved 2008/06/08(Tim Oren's Due Diligence: Web 2.0 Investors: Pay Attention To Caja ), 2008/04/11, retrieved 2008/06/08 and Yahoo!(OpenSocial API Blog: Launched: Yahoo!'s First Implementation of OpenSocial Support ), 2008/10/28, retrieved 2008/11/15 had both deployed a very early version of Caja but later abandoned it.== See also ==* Joe-E, an object-capability subset of Java* E」の詳細全文を読む
スポンサード リンク
翻訳と辞書 : 翻訳のためのインターネットリソース |
Copyright(C) kotoba.ne.jp 1997-2016. All Rights Reserved.
|
|