[e-lang] Caja discussion on the Caplet Group

Mark Miller erights at gmail.com
Tue Oct 9 20:55:52 EDT 2007


---------- Forwarded message ----------
From: Mark S. Miller <erights at google.com>
Date: Oct 9, 2007 5:30 PM
Subject: Re: [caplet] ADsafe, Take 5
To: caplet at yahoogroups.com

On 10/9/07, Douglas Crockford <douglas at crockford.com> wrote:
 > I have relaxed the rules on words. $ and leading _ are permitted. A
 >  trailing __ is forbidden.
 >
 >  This change makes ADsafe a subset of another safe JavaScript subset.

 As of today, I was able to tell Crock about this other safe Javascript
 subset. And I can tell you folks as well. It's called "Caja". We will
 be open sourcing it soon.

 "Caja" is Spanish for "box", e.g., as in a strongbox for keeping money
 in -- much stronger than a sandbox ;).

 Caja defines a subset of Javascript both syntactically and
 semantically. This subset of Javascript is an object-capability
 language. The Caja translator rejects non-Caja input statically when
 it can. But because of Javascript's dynamic nature, some of Caja's
 restrictions cannot be imposed statically, so the Caja translator
 translates the Javascript it accepts into Javascript with additional
 runtime checks. To facilitate development, it is easy to write a Caja
 program so it can run correctly whether it is run as a Caja program or
 run directly as an untranslated Javascript program.

 Crock and I went over some of Caja's draft design today. With this
 adjustment to ADsafe's rules, it currently looks plausible that Caja
 may indeed be a superset of ADsafe. In other words:

 JSON < ADsafe < Caja < Ecmascript 3.

 The methodology we're using -- defining enforced subsets of existing
 large languages -- has also been applied successfully to Java (Joe-E),
 OCaml (Emily), Pict (Backwater) and others:
 http://wiki.erights.org/wiki/Object-capability_languages



-- 
Text by me above is hereby placed in the public domain

    Cheers,
    --MarkM
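
The split the message describes between static rejection and added runtime checks, shown as an added example that is not part of the original message and is not Caja or ADsafe code. The function names (staticCheck, guardedRead, rewriteComputedReads, runTranslated) are hypothetical, and applying the quoted "trailing __" word rule to computed property names at runtime is an assumption made for illustration.

```javascript
// Added illustration; every name here is hypothetical, not Caja or ADsafe code.
const FORBIDDEN = /__$/; // the "trailing __ is forbidden" word rule

// Static pass: list the words in the source that end in "__".
// Simplification: a regex scan over words, not a real parser, so string
// literals and comments are scanned as well.
function staticCheck(source) {
  const words = source.match(/[A-Za-z_$][A-Za-z0-9_$]*/g) || [];
  return words.filter((w) => FORBIDDEN.test(w));
}

// Runtime check: a computed property name is only known when the code runs,
// so the translated program reads obj[expr] through a guard like this one.
function guardedRead(obj, name) {
  const key = String(name);
  if (FORBIDDEN.test(key)) {
    throw new TypeError("forbidden property name: " + key);
  }
  return obj[key];
}

// Toy rewrite step: turn  a[b]  into  guardedRead(a, b).
// Handles only the simple identifier[identifier] form used in the samples.
function rewriteComputedReads(source) {
  return source.replace(
    /([A-Za-z_$][A-Za-z0-9_$]*)\[([A-Za-z_$][A-Za-z0-9_$]*)\]/g,
    "guardedRead($1, $2)"
  );
}

// Reject statically when possible, otherwise run the rewritten source.
// The sample programs leave their result in a variable named x.
function runTranslated(source, obj) {
  if (staticCheck(source).length > 0) {
    throw new SyntaxError("rejected statically");
  }
  const body = rewriteComputedReads(source) + " return x;";
  return new Function("obj", "guardedRead", body)(obj, guardedRead);
}

// Constructed sample inputs.
const REJECTED = "var x = obj.secret__;"; // caught by the static pass
const DYNAMIC = "var k = 'secret' + '_' + '_'; var x = obj[k];"; // caught at runtime
const BENIGN = "var k = 'na' + 'me'; var x = obj[k];"; // allowed
```

DYNAMIC passes the static pass because the forbidden name only exists once the string concatenation runs, which is why the guard has to be inserted into the translated output.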

