Cajoling HTML and JavaScript

Before we begin compiling our mixed HTML and JavaScript documents into a safe code subset, we need to look at the tools that we will be using.

In the caja directory that we created for the project, you’ll see a directory containing the scripts that we will use to compile our code. The cajole_html script is specific to cajoling standard HTML and JavaScript, and it’s the one we’ll use here. After the cajoling process completes, we will have two output files:

  • An HTML output file containing the markup of our script, divorced from any embedded JavaScript blocks. This HTML file will contain secure, directly embeddable markup that we can insert within a site. All unsafe markup tags, such as iframes, will be stripped from the final derived markup.

  • The cajoled JavaScript file. This is a secured version of the JavaScript we started with, with any insecure script stripped out.
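
To make the two-output shape concrete, here is an added Python sketch (not Caja's code and not from the book) that splits a mixed document into script-free markup and the collected script text, stripping iframes along the way. The UNSAFE_TAGS set, the dropping of inline on* attributes, and the sample document are assumptions of this sketch; it does not rewrite the JavaScript itself.

```python
from html import escape
from html.parser import HTMLParser

# Assumption: a one-entry denylist; the page names only iframes as unsafe.
UNSAFE_TAGS = {"iframe"}


class MixedDocSplitter(HTMLParser):
    """Collect markup (no scripts, no unsafe elements) and script text separately."""

    def __init__(self):
        super().__init__()          # convert_charrefs=True: text arrives unescaped
        self.markup, self.scripts = [], []
        self._in_script = False
        self._skip = 0              # > 0 while inside a stripped element

    def handle_starttag(self, tag, attrs):
        if tag in UNSAFE_TAGS:
            self._skip += 1         # an unclosed unsafe tag drops the rest (fail closed)
        elif self._skip:
            return
        elif tag == "script":
            self._in_script = True
            self.scripts.append("")
        else:
            # Assumption: inline on* handlers are embedded script, so drop them.
            kept = "".join(f' {k}="{escape(v or "")}"' for k, v in attrs
                           if not k.startswith("on"))
            self.markup.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag in UNSAFE_TAGS:
            self._skip = max(0, self._skip - 1)
        elif self._skip:
            return
        elif tag == "script":
            self._in_script = False
        else:
            self.markup.append(f"</{tag}>")

    def handle_data(self, data):
        if self._skip:
            return
        if self._in_script:
            self.scripts[-1] += data                       # script text kept verbatim
        else:
            self.markup.append(escape(data, quote=False))  # re-escape text nodes


def split_mixed_document(source):
    """Return (markup_without_script, script_text) for a mixed HTML/JS string."""
    parser = MixedDocSplitter()
    parser.feed(source)
    parser.close()
    return "".join(parser.markup), "\n".join(s.strip() for s in parser.scripts)
```
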

To run the mixed HTML/JavaScript command-line cajoler, we can simply go to the root of the caja directory from which we checked out the SVN source and run the appropriate cajole_html script with a few parameters:

cd caja
bin/cajole_html -i <htmlInputFile> -o <outputTarget>

cajole_html allows us to specify an input file to cajole (htmlInputFile) and an output filename to dump our two cajoled files to (outputTarget). htmlInputFile can be an absolute URL of a file to be cajoled or a direct reference to a file on the local system. outputTarget is simply the ...
