Ben Laurie has posted some initial information about the Caja (Capability Javascript) project that he is leading at Google. The code is going to be open sourced under the Apache License (with Ben running it, that’s no surprise). Caja is based on the work that Ben did on CaPerl a few years back. I saw CaPerl when we were looking at how to improve Python security for Chandler Desktop. Ben was interested in doing some capability stuff for Python, but the stars never aligned for it to happen. I’m glad to see that his work will live on – it’s not like JavaScript couldn’t use some security help. People worried about yet another version of Java/ECMAScript should go read Ben’s post before they complain.
Caja: Capability Javascript
Leave a reply