Running Caja from a Web Application
The full code for this sample is available at https://github.com/jcleblanc/programming-social-applications/blob/master/chapter_8/caja_web_application.html.
The other file we will need is a whitelist of all of the available HTML tags, which the sanitizer will use to determine which tags should be left alone, which should be sanitized, and which should be removed completely. A sample file (html4-defs.js) with this type of structure is available at https://github.com/jcleblanc/programming-social-applications/tree/master/caja/web_sanitizer_simple/ and provides an aggressive parsing whitelist that we will use in our example.
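The three outcomes described above (left alone, sanitized, removed completely) can be modeled with a small whitelist-driven filter. This is an added example, not code from the book or from Caja; the `ELEMENTS` and `ATTRIBS` tables, their key format and the `sanitize` function are assumptions for illustration and do not reproduce the contents of html4-defs.js.

```javascript
// Added illustration. ELEMENTS and ATTRIBS are a hypothetical whitelist,
// not the contents of html4-defs.js. The sample input below is constructed.
const ELEMENTS = {
  p: 'keep', b: 'keep', i: 'keep', br: 'keep', a: 'keep',
  script: 'drop', style: 'drop', iframe: 'drop', // element and content removed
}; // any tag not listed: the tag is stripped, its inner text is kept
const ATTRIBS = { // "tag::attr" -> validator for the raw attribute value
  'a::href': (v) => /^https?:\/\/\S+$/i.test(v),
  '*::title': () => true,
};

const escText = (s) => s.replace(/</g, '&lt;').replace(/>/g, '&gt;');
const escAttr = (s) => escText(s).replace(/"/g, '&quot;');

// Re-emit only attributes that are whitelisted and whose value validates.
function cleanAttrs(tag, raw) {
  const re = /(?:^|\s)([a-z][a-z0-9-]*)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/gi;
  let out = '', m;
  while ((m = re.exec(raw)) !== null) {
    const name = m[1].toLowerCase();
    const value = m[2] ?? m[3] ?? m[4];
    const ok = ATTRIBS[`${tag}::${name}`] || ATTRIBS[`*::${name}`];
    if (ok && ok(value)) out += ` ${name}="${escAttr(value)}"`;
  }
  return out;
}

function sanitize(html) {
  const token = /<(\/?)([a-z][a-z0-9]*)(?=[\s/>])([^>]*)>|[^<]+|</gi;
  let out = '', skip = null, m;
  while ((m = token.exec(html)) !== null) {
    const tag = m[2] && m[2].toLowerCase();
    if (skip) { // inside a dropped element: discard until its closing tag
      if (tag === skip && m[1]) skip = null;
      continue;
    }
    if (!tag) { out += escText(m[0]); continue; } // text or a stray "<"
    const rule = ELEMENTS[tag];
    if (rule === 'drop') { if (!m[1]) skip = tag; continue; }
    if (rule !== 'keep') continue; // not whitelisted: strip the tag only
    out += m[1] ? `</${tag}>` : `<${tag}${cleanAttrs(tag, m[3])}>`;
  }
  return out;
}

const sample = '<p onclick="steal()">Hi <b>there</b></p><script>alert(1)</script>' +
  '<a href="javascript:alert(1)" title="x">bad</a> <a href="https://example.com/">ok</a><marquee>old</marquee>';
console.log(sanitize(sample));
```

Anything the tokenizer cannot parse as a whitelisted tag is emitted as escaped text, so malformed markup fails closed rather than passing through.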
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Simple Web Application Cajoler</title>
</head>
<body>
<script src="html4-defs.js"></script>
...