The Final Result

Once we load and render the test file that we specified earlier in our example, we are presented with both a visual and a source code comparison of the content, as shown in Figure 8-3.

Figure 8-3. The Caja rendering application

The original content loads our iframe, header, div, and (when run) the script block that we included to display a pop-up to the user. The original content raw dump is an unmodified version of the loaded file.

The right column on the Caja side is a much different story. The header and div are preserved in the rendered version, but the iframe is stripped and a second alert is absent. When we look at the raw content of the cajoled file, we can see why. The iframe and script block have been removed from the file that we attempted to load.

This is just a simple sanitization script from Caja, so although it presents a useful peek into the Caja process, it’s important to note that it doesn’t represent the server-side cajoler’s full content manipulation capacity.
