
ADsafe, Take 5

  • Douglas Crockford
    Message 1 of 2, Oct 9, 2007
      I have relaxed the rules on words. $ and leading _ are permitted. A
      trailing __ is forbidden.

      This change makes ADsafe a subset of another safe JavaScript subset.
    • Mark S. Miller
      Message 2 of 2, Oct 9, 2007
        On 10/9/07, Douglas Crockford <douglas@...> wrote:
        > I have relaxed the rules on words. $ and leading _ are permitted. A
        > trailing __ is forbidden.
        >
        > This change makes ADsafe a subset of another safe JavaScript subset.

        As of today, I was able to tell Crock about this other safe Javascript
        subset. And I can tell you folks as well. It's called "Caja". We will
        be open sourcing it soon.

        "Caja" is Spanish for "box", e.g., as in a strongbox for keeping money
        in -- much stronger than a sandbox ;).

        Caja defines a subset of Javascript both syntactically and
        semantically. This subset of Javascript is an object-capability
        language. The Caja translator rejects non-Caja input statically when
        it can. But because of Javascript's dynamic nature, some of Caja's
        restrictions cannot be imposed statically, so the Caja translator
        translates the Javascript it accepts into Javascript with additional
        runtime checks. To facilitate development, it is easy to write a Caja
        program so it can run correctly whether it is run as a Caja program or
        run directly as an untranslated Javascript program.

        Crock and I went over some of Caja's draft design today. With this
        adjustment to ADsafe's rules, it currently looks plausible that Caja
        may indeed be a superset of ADsafe. In other words:

        JSON < ADsafe < Caja < Ecmascript 3.

        The methodology we're using -- defining enforced subsets of existing
        large languages -- has also been applied successfully to Java (Joe-E),
        OCaml (Emily), Pict (Backwater) and others:
        http://wiki.erights.org/wiki/Object-capability_languages

        More soon.

        --
        Cheers,
        --MarkM