Caja users, please visit us at Google Developers

(This site is for programmers actively working on Caja, rather than using it for their own projects.)

The Caja Compiler is a tool for making third party HTML, CSS and JavaScript safe to embed in your website. It enables rich interaction between the embedding page and the embedded applications. Caja uses an object-capability security model to allow for a wide range of flexible security policies, so that your website can effectively control what embedded third party code can do with user data.

Contacting us

Discussions

Our discussion group is the best place to contact us. First posts are moderated to remove spam, so don't worry if your post doesn't show up immediately.

Reporting Bugs & Security Issues

Please report potential vulnerabilities using the private issue tracker, and bugs and feature requests via the public issue tracker. The Caja team encourages responsible disclosure, since production services rely on us for security. We will work to resolve the issue and make sure credit is given.

Contributing

The Caja team includes people from a number of different companies and some private individuals. If you would like to contribute, introduce yourself on our discussion group.

News

• Using Caja on Google Apps Script https://developers.google.com/apps-script/html_service
• Using Caja on Google Sites http://support.google.com/sites/bin/answer.py?hl=en&answer=2500646
• Just write your gadgets in Javascript/DHTML and they'll probably work right away. Try it!

Talks

• Secure Collaboration - How Web Applications can Share and Still Be Paranoid
• Tradeoffs in Retrofitting Security: An Experience Report