YUI 2.8.0 now Caja compliant

In: web resources

29 Oct 2009

Caja is one of the most promising attempts to deliver secure web applications not prone to the attacks that normal JavaScript solutions sadly enough allow for. Let’s face it – the concept of global variables and the lack of sandboxed environments in addition to the fun that is browser security holes makes the web as it stands now quite hard to secure.

The problem with Caja is that it is quite troublesome to get your head around. Caja pre-processes web content (HTML, CSS and JavaScript) and converts it to something really unreadable but very secure. Practices that are insecure but have become quite common use rightfully are being flagged up as errors and fail to compile. This reminds me of Netscape 4.x rightfully not rendering tables that weren’t closed or Netscape 6 not supporting document.all any more – the response from developers was outrage as we are happy to write “convenient” code.

The way around a lot of browser bugs and implementation funnies (see John Resig’s talk the DOM is a mess for a deep-dive on that) is libraries. All the different JavaScript libraries – Dojo, MooTools, jQuery, YUI… first and foremost want to make our lives easier by making browsers behave. That’s cool and all, but the problem is that the libraries themselves are not Caja compliant.

As Yahoo’s new application platform YAP that allows you to run small apps in My Yahoo and the Yahoo homepage uses Caja there was an immediate need to make YUI work. The YUI team and the YAP engineers put their heads down and now announced that YUI has been cleaned up and made compatible.

As Caja doesn’t allow for script with a src inside a container this restriction has been lifted for the official YUI locations. Read more details about the changes to YUI on the YDN blog and here are the links to the docs and the forum where I’d encourage you to report any bugs you find:

This is a great step towards secure apps that can be built easily. There were a few earlier attempts to “fix” prototype to become Caja compliant and I would love that to come to fruition. Furthermore, a Caja compliant jQuery and Mootools would rock, too. The official whitelisted endpoint for inclusion could be the Google Ajax Libraries API.

Go to Source

1 Response to YUI 2.8.0 now Caja compliant

Avatar

M. L.

January 28th, 2010 at 11:27 am

I'm going to make the assumption you are referring to the org.w3c.dom interfaces, since you didn't specify.

Given a Node, the easiest way to obtain a count of the number of sibling Nodes is to count the children of the Node's parent then substract 1.

int numberOfSiblings =
node.getParentNode().getChildNodes()
.getLength() – 1;

Comment Form

About this blog

This blog delivers stylish and dynamic news for designers and web-developers on all subjects of design, ranging from: CSS, Ajax, Javascript, web design, graphics, typography, advertising & much more. Our goal is to help you communicate effectively on the web with an engaging website or functional interface.

Copyright © 2007 - Programming Blog - is proudly powered by WordPress | Log in

Compositio Theme is created by: Design Disease brought to you by PremiumThemes.com