Intro – Testing Google Sites and Google Caja In March 2018, I reported an XSS in Google Caja, a tool to securely embed arbitrary html/javascript in a webpage. In May 2018, after the XSS was fixed, I realised that Google Sites was using an unpatched version of Google Caja, so I looked if it was vulnerable to the XSS. However, the XSS wasn’t exploitable there. Google Caja parses html/javascript and
Caja is maintained by three-ish engineers in their spare time, one of whom only works on SES. Apps script is indeed moving away from caja, for a few reasons: developers are OK with using an asynchronous API for communication between sandboxed code and Google APIs; users don't care about confinement; there's no demand for, say, a text editor that can't leak your files to the app developer; everyone h
ESOP'13 22nd European Symposium on Programming, Springer (2013) Contracts enable mutually suspicious parties to cooperate safely through the exchange of rights. Smart contracts are programs whose behavior enforces the terms of the contract. This paper shows how such contracts can be specified elegantly and executed safely, given an appropriate distributed, secure, persistent, and ubiquitous comput
Caja hacking Thursday, 30 August 2012 As you probably know I love JavaScript sandboxes and I spend a lot of spare time playing around with them on the net. One of them is Google Caja, if you don’t know what it is here is the description from the project “The Caja Compiler is a tool for making third party HTML, CSS and JavaScript safe to embed in your website. It enables rich interaction between th