Loading ...
Sorry, an error occurred while loading the content.

Re: [caplet] ADsafe, Take 5

Expand Messages
  • Mark S. Miller
    ... As of today, I was able to tell Crock about this other safe Javascript subset. And I can tell you folks as well. It s called Caja . We will be open
    Message 1 of 2 , Oct 9, 2007
    • 0 Attachment
      On 10/9/07, Douglas Crockford <douglas@...> wrote:
      > I have relaxed the rules on words. $ and leading _ are permitted. A
      > trailing __ is forbidden.
      >
      > This change makes ADsafe a subset of another safe JavaScript subset.

      As of today, I was able to tell Crock about this other safe Javascript
      subset. And I can tell you folks as well. It's called "Caja". We will
      be open sourcing it soon.

      "Caja" is Spanish for "box", e.g., as in a strongbox for keeping money
      in -- much stronger than a sandbox ;).

      Caja defines a subset of Javascript both syntactically and
      semantically. This subset of Javascript is an object-capability
      language. The Caja translator rejects non-Caja input statically when
      it can. But because of Javascript's dynamic nature, some of Caja's
      restrictions cannot be imposed statically, so the Caja translator
      translates the Javascript it accepts into Javascript with additional
      runtime checks. To facilitate development, it is easy to write a Caja
      program so it can run correctly whether it is run as a Caja program or
      run directly as an untranslated Javascript program.

      Crock and I went over some of Caja's draft design today. With this
      adjustment to ADsafe's rules, it currently looks plausible that Caja
      may indeed be a superset of ADsafe. In other words:

      JSON < ADsafe < Caja < Ecmascript 3.

      The methodology we're using -- defining enforced subsets of existing
      large languages -- has also been used successfully to Java (Joe-E),
      OCaml (Emily), Pict (Backwater) and others:
      http://wiki.erights.org/wiki/Object-capability_languages

      More soon.

      --
      Cheers,
      --MarkM
    Your message has been successfully submitted and would be delivered to recipients shortly.