Stack Overflow
Stack Overflow

Questions tagged [google-caja]

Caja is a tool for safely embedding active Web content including HTML, JavaScript, and CSS.

The Caja Compiler is a tool for making third party HTML, CSS and JavaScript safe to embed in your website. It enables rich interaction between the embedding page and the embedded applications. Caja uses an object-capability security model to allow for a wide range of flexible security policies, so that your website can effectively control what embedded third party code can do with user data.

https://developers.google.com/caja/

84 questions
7
votes
4 answers

Can't get java progam to run! NoClassDefFoundError?

I'm a .NET developer, but for my current project I need to use Google Caja, a Java project. Uh-oh! I've followed the guide at http://code.google.com/p/google-caja/wiki/RunningCaja on my windows machine, but can't get the program to run. The command…
mcintyre321
  • 12,996
  • 8
  • 66
  • 103
5
votes
1 answer

Using caja to sanitize Javascript?

I'd like to allow users of my application to write plugins in Javascript that extend its functionality, without allowing access to anything other than a plugin API object I provide. For example, a plugin might look like the…
Ben Dilts
  • 10,535
  • 16
  • 54
  • 85
5
votes
2 answers

google caja how to use

let say i have a page , and i want to allow 3rd party to embed small application/iframe into my page. in order to use caja on my page to secure the 3rd party small app/iframe. do i need to put any extra javascript/serverside code in order to use…
cometta
  • 35,071
  • 77
  • 215
  • 324
5
votes
2 answers

Google Visualization not working with appscript html service

I want to use appscript htmlservice along with appscript, The html service seems to work but the visualization do not work. Here is the code for reference. Code.GS : // Script-as-app template. function doGet() { return…
Saxena
  • 51
  • 2
4
votes
2 answers

Is it safe to allow links that start with # (hash)?

I'm building a webapp and users can create HTML contents dynamically. Is it safe (e.g. w.r.t. XSS attacks) to allow them to create links that start with #? I don't know why it wouldn't be -- perhaps I'm just being paranoid. (My Javascript code…
KajMagnus
  • 11,308
  • 15
  • 79
  • 127
4
votes
1 answer

Password input field created with HTMLService loses type=password

I'm creating a password reset form for use by staff at a school using Google Apps for Education. I'm using the HTMLService API to import an html file and use it as a template. Part of that file is this table: …
James Synge
  • 592
  • 5
  • 11
3
votes
2 answers

How do I make Caja preserve template text inside a script tag?

I was trying to see if I could use ICanHaz or Handlebars for building the sidebar of my Google Docs Add-on. However, it turns out Caja is stripping the actual HTML from my script tag. Is there any way to prevent this from happening? Let's just say…
Wilfred Springer
  • 10,869
  • 4
  • 55
  • 69
3
votes
1 answer

How to make a tab panel using HTML Service

How I can integrate a tabs panel to display in each tab a different HTML content and allow also the navigation of those panels, in Google Apps Script HTML Service? I tried to implement this simple code but it doesn't work, due to caja sanitization,…
Francesco Barreca
  • 271
  • 5
  • 15
3
votes
1 answer

Loading Google Maps API in HtmlService GAS

I have a doGet() GAS where I call a HTML file with the HtmlService. In the HTML file I have the basic Google Maps API call