
Programming Social Applications by Jonathan LeBlanc


The Final Result

Once we render the load in the test file that we specified earlier in our example, we are presented with both a visual and source code comparison of the content, as shown in Figure 8-3.

Figure 8-3. The Caja rendering application

The original content loads our iframe, header, div, and (when run) the script block that we included to display a pop up to the user. The original content raw dump is an unmodified version of the loaded file.

The right column on the Caja side is a much different story. The header and div are preserved in the rendered version, but the iframe is stripped and a second alert is absent. When we look at the raw content of the cajoled file, we can see why. The iframe and script block have been removed from the file that we attempted to load.

This is just a simple sanitization script from Caja, so although it offers a useful peek into the Caja process, it's important to note that it does not represent the full content-manipulation capacity of the server-side cajoler.
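As an added illustration (not Caja's code and not from the book), the following minimal allowlist sanitizer reproduces the behaviour described above on a constructed input: structural elements such as the header and div survive, the script and iframe are dropped together with their contents, and attributes (including inline event handlers) are stripped. It is a simple tokenizer rather than a full HTML parser, so it shows the principle only; a parser-based sanitizer such as Caja's is what belongs in production.

```javascript
// Added example, not Caja's implementation. Tag lists and the sample input
// below are constructed to mirror the test page discussed in the text.
const ALLOWED_TAGS = new Set(['h1', 'h2', 'p', 'div', 'span', 'b', 'i', 'ul', 'li']);
// Elements whose entire content is discarded, not just the surrounding tags.
const DROP_WITH_CONTENT = new Set(['script', 'iframe', 'style', 'object', 'embed']);

function sanitize(html) {
  const out = [];
  let skipUntil = null; // name of the element whose content is being discarded
  // Token kinds: a tag with its name captured, a run of text, or a stray '<'.
  const tokenRe = /<\/?([a-zA-Z][a-zA-Z0-9]*)[^>]*>|[^<]+|</g;
  let m;
  while ((m = tokenRe.exec(html)) !== null) {
    const token = m[0];
    const name = m[1] ? m[1].toLowerCase() : null;
    if (skipUntil) {
      // Inside a dropped element: resume only at its matching closing tag.
      if (name === skipUntil && token.startsWith('</')) skipUntil = null;
      continue;
    }
    if (name === null) {
      // Plain text (or a lone '<' that is not a tag, which is escaped).
      out.push(token === '<' ? '&lt;' : token);
      continue;
    }
    if (DROP_WITH_CONTENT.has(name)) {
      if (!token.startsWith('</') && !token.endsWith('/>')) skipUntil = name;
      continue;
    }
    if (!ALLOWED_TAGS.has(name)) continue; // unknown tag: drop tag, keep its text
    // Re-emit the allowed tag with every attribute removed (onclick, style, ...).
    out.push(token.startsWith('</') ? `</${name}>` : `<${name}>`);
  }
  return out.join('');
}

// Constructed input modelled on the test file: header, iframe, div, alert script.
const SAMPLE =
  '<h1>Test page</h1>' +
  '<iframe src="http://example.com/"></iframe>' +
  '<div onclick="alert(2)">Hello</div>' +
  '<script>alert("popup");</script>';

console.log(sanitize(SAMPLE)); // <h1>Test page</h1><div>Hello</div>
```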
