Cajoling HTML and JavaScript
Before we begin compiling our mixed HTML and JavaScript documents into a safe code subset, we need to look at the tools that we will be using.
In the caja directory that we created for the project, you’ll see a directory containing the scripts that we will use to compile our code. The cajole_html script is specific to the task of cajoling standard HTML and JavaScript, and it’s the script we’ll use here to cajole our standard code. After the cajoling process completes, we will have two output files:
An HTML output file containing the markup of our script, divorced from any embedded JavaScript blocks. This HTML file will contain secure, directly embeddable markup that we can insert within a site. All unsafe markup tags, such as iframes, will be stripped from the final derived markup.
The cajoled JavaScript file. The JavaScript will be a secured version of what we started with, stripping out any insecure script.
To run the mixed HTML/JavaScript command-line cajoler, we can
simply go to the root of the caja
directory from which we checked out the SVN source and run the
appropriate cajole_html script with a
few parameters:
cd caja bin/cajole_html -i <htmlInputFile> -o <outputTarget>
cajole_html allows us to
specify an input file to cajole (htmlInputFile) and an output filename to dump
our two cajoled files to (outputTarget). htmlInputFile can be an absolute URL of a file
to be cajoled or a direct reference to a file on the local system.
outputTarget is simply the ...
Get Programming Social Applications now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
