Sunday, October 12, 2008

Caja

Caja - short for Capabilities JavaScript, an open source project based at google. There's a neat write-up at http://due-diligence.typepad.com/blog/2008/04/web-20-investor.html

Extract from Caja Home Page
Caja (pronounced "KA-ha") is "virtual iframes": it allows you to put untrusted third-party HTML and JavaScript inline in your page and still be secure. Caja
  • gives stricter control over what the code can do:
    • no redirects to phishing pages: the window object the untrusted code has is a fake one created by the containing page
    • no malware: all requests to URLs are proxied
    • no XSS: dynamic HTML sanitization
  • allows the untrusted code more power than is safe to give to code currently in iframes. Here are some possibilities:
    • floating frames ("info windows")
    • frames don't have to be rectangular
    • frames can communicate without the current awkward protocols
      • a reader could broadcast geographic information about the current article; a maps gadget jumps to the location, while a news gadget gets local stories and a weather gadget pulls up the weather
      • similarly for financial info or entertainment info
      • an extensible syntax highlighter could have plugins that can mark up text but not leak the contents to another website
      • can be a bit channel (can only send information) or a code channel (can send functions)
      • hosting page can control who talks to whom
It does look like Caja is here to stay - considering its being actively adopted as part of the OpenSocial initiative.
Posted by at No comments:
Labels: ,

Google maps on your site

Its been there for ages, gave it a spin today. Still to think of a good enough mashup idea which has not already been implemented. Click here for a 'how to embed tutorial' - anyone with half a brain can do it, which explains why I did it :)
Posted by at 2 comments:
Labels: ,

OpenSocial APIs and Shindig

Latest update: Apache Shindig is under incubation at the Apache Software Foundation - Read more at http://incubator.apache.org/shindig/

Read up a primer on Shindig at http://sites.google.com/site/io/apache-shindig-make-your-social-site-an-opensocial-container

Installation and other details at http://chrisschalk.com/shindig_docs/shindig_sql_tutorial/shindig_data_tutorials.html

Oh, and the OpenSocial dev guide on google http://code.google.com/apis/opensocial/docs/0.7/devguide.html

To test out OpenSocial gadgets, you need
- Web Hosting. Alternatives are http://code.google.com/p/ and http://pages.google.com
- An orkut account
- Request for sandbox developer rights on http://code.google.com/support/opensocialsignup/
- Create a sample HelloWorld gadget (Refer to the OpenSocial dev guide) and upload it to http://pages.google.com or use one off http://code.google.com/p/remafriends/downloads/list
- Signup to the orkut sandbox using http://sandbox.orkut.com
- Click on the Edit links next to 'Apps'. Enter the url for the gadget xml (For e.g. http://remafriends.googlecode.com/files/listmyfriends.xml). Give rights to run your application and you are set.
Posted by at No comments:
Labels: ,
Subscribe to: Posts (Atom)