We're looking for a way to secure third party code within our web pages. Someone suggested we use Caja. I looked into that, but the information about it is quite sparse. Before I deep dive into it, I would first like to know:
Can Caja handle embedded HTML like Google Map's, which effectively acts as a bootstrap, and loads all the active HTML and JavaScript when run by the browser?
Is Caja mature enough to be used in a production environment, or is it still at the concept stage?
Thanks, Eran
You should take a look at their issues list. The list looks healthy in the sense that its alive, and active, so that is one point in favor. But you should look and see if any of these issues apply to your needs, if not then you're probably fine, if the answer is yes you need to decide if you're willing to wait, or contribute, or better off looking for something new.
Personally it looks ok, but not sure how far you want to take it
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With