Secure Collaboration - How Web Applications can Share and Still Be Paranoid

Mike Samuel (Google)

Google's Caja project allows mutually untrusting and untrusted web applications to run in the same context and allows them to safely communicate by regular JS function calls and reference passing. It provides tools that rewrite JS/HTML/CSS web applications to enable a wide range of security policies, allowing untrusted third party code to run in environments as dissimilar as social networks and corporate intranets.

Presentation Slides