Try out Caja here!
Caja allows websites to safely embed DHTML web applications from third parties, and enables rich interaction between the embedding page and the embedded applications. It uses an object-capability security model to allow for a wide range of flexible security policies, so that
... [More]
the containing page can effectively control the embedded applications' use of user data and to allow gadgets to prevent interference between gadgets' UI elements.
Today, some websites embed third-party code using iframes. This approach does not prevent a wide variety of attacks: redirection to phishing pages which could pretend to be a login page for the embedding application; stopping the browser from working until the user downloads malware; stealing history information about which sites a user has visited so that more target phishing attacks can be done; and port scanning the user's local network. Finally, even though a website can choose not to give data to an iframe app, once it has done so it can place no further restrictions on what the iframe app can do with it — it cannot stop the iframe app from sending that data elsewhere.
Caja addresses these problems which are not addressed by iframe jails; and it does so in a very flexible way. If a container wishes to allow an embedded application to use a particular web service, but not to send arbitrary network requests, then it can give the application an object that interacts with that web service, but deny access to XMLHttpRequest. Under Caja, passing objects grants authority, and denying access to objects denies authority, as is typical in an object-capability environment. Information leakage can be prevented by allowing user data to be encapsulated in objects that can be rendered in user-readable form but not read by scripts ; we can prevent leakage without solving the problem of covert channels.
Contacting the Caja TeamDiscussionsOur discussion group is the best place to contact us. First posts are moderated to remove spam, so don't worry if your post doesn't show up immediately. You can also find team members on the #caja IRC channel on freenode.net.
Reporting Bugs & Security IssuesPlease report potential vulnerabilities using the private issue tracker, and bugs and feature requests via the public issue tracker. The Caja team encourages responsible disclosure, since production services rely on us for security. We will work to resolve the issue and make sure credit is given.
ContributingThe Caja team includes people from a number of different companies and some private individuals. If you would like to contribute, introduce yourself on our discussion group.
MotivationSome websites embed code in iframes, and pass user data between them. The use of these sites has thus far been limited to teenagers and others who are comfortable with some aspects of their lives being very public. The same development model — where one company provides a general storage layer for data, and third parties provide custom interfaces and extensions — has not been extended to systems that deal with valuable data.
This development model is promising, though. Large software companies have to target their user-interface efforts at a mythical average user; the high costs of researching and understanding the needs of niches of users means that user interfaces tend to suffer from the "lowest common denominator" effect. But there are many developers who understand niche markets, and know how to write custom user interfaces and workflows.
If we can safely embed third-party user interfaces and workflows into generic backends, we can encourage a market for embedded applications that will make the web experience much richer. Caja aims to allow that safe embedding.
What is CajaCaja (pronounced "KA-ha"), is a Spanish word that means box, bank, cash register, vault; a container for valuables. A web developer uses traditional tools like HTML, JavaScript, and CSS; and Caja provides a compiler (a "cajoler") that takes the web application and produces a "cajoled" HTML web application. The cajoler tries to verify security properties by doing static analysis, and where it cannot it rewrites the input to add runtime checks.
Since web applications make common use of browser APIs, e.g. the DOM APIs, that give a huge amount of control over the web page, Caja provides tamed APIs that virtualize portions of the DOM. A containing page can set up the embedding application's environment so that the embedded application thinks it is interacting with the DOM of a full page, but is in fact only manipulating a bounded portion of the containing page via a mechanism called virtual iframes.
The JavaScript that a Caja application uses is written in a fail stop subset of JavaScript (actually EcmaScript5). This subset, called "Valija", includes almost the entire JavaScript language, but removes a few error-prone constructs such as with and restricts how eval may be used.
NewsJust write your gadgets in Javascript/DHTML and they'll probably work right away. Try it! Caja on YAP, the Yahoo Application Platform Article on YDN discussing the benefits and gotchas of developing apps with Caja Containers looking to host gadgets on their pages Tim Oren explains Caja How to build Caja A sample host page for use by a container TalksSecure Collaboration - How Web Applications can Share and Still Be Paranoid Tradeoffs in Retrofitting Security: An Experience Report
Cajoled GadgetUncajoled Gadget [Less]
Copyright
©
2013
Black Duck Software, Inc.
and its contributors, Some Rights Reserved. Unless otherwise marked, this work is licensed under a
Creative Commons Attribution 3.0 Unported License
. Ohloh
®
and the Ohloh logo are trademarks of
Black Duck Software, Inc.
in the United States and/or other jurisdictions. All other trademarks are the property of their respective holders.