You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shindig.apache.org by Matthew Russell <ma...@digitalreasoning.com> on 2009/01/03 01:57:27 UTC
using caja for the simplest possible gadgets not working for me
Hello,
I've been doing some basic development with Shindig (HEAD), and just
recently been trying to use Caja (versus just read about it.) I can't
seem to find very good guidance on getting Caja to work with Shindig
and gadgets, so I'm assuming it's probably supposed to be easier than
I'm making it.
So, I was wondering if I could get some help understanding why the
following things do not work, and what I would do to get them to
work. I've included a simple gadget below with the most basic things
I could think of trying to do. If I can get a hand understanding
what's going on here, I'll do what I can to help with docs in the way
of short articles and such things since there doesn't seem to be many
of those around these days.
<?xml version="1.0" encoding="UTF-8" ?>
<Module>
<ModulePrefs title="Cajoled Gadgets Example">
<Require feature="minimessage"/>
<Require feature="opensocial-0.8"/>
<Require feature="caja"/>
</ModulePrefs>
<Content type="html">
<![CDATA[
<script type="text/javascript">
/*#1 - this doesn't work - get error about untamed
function.
how to tame it? should i be doing this
manually? */
//var msg = new gadgets.MiniMessage(__MODULE_ID__);
//msg.createDismissibleMessage("hello?");
/*#2 - this doesn't work either - get message about
"x0__ being null" */
//gadgets.util.registerOnLoadHandler(function() {
// document.getElementById("foo").innerHTML = "bar";
//});
/*#3 -this doesn't work either - "this.node__ is
undefined" */
//var e = document.createElement("div");
//e.innerHTML = "foobar";
//document.appendChild(e);
/*#4 nor does this work - "invalid instanceof operand
result"*/
console.log("hello?");
</script>
<div id="foo">hello?</div>
]]>
</Content>
</Module>
Re: using caja for the simplest possible gadgets not working for me
Posted by Jasvir Nagra <ja...@google.com>.
Hi Matt and shindig folk,
I've added a patch to jira (
https://issues.apache.org/jira/browse/SHINDIG-822) that removes the
dependence of caja on opensocial and lets any feature tame their api.
Hopefully this will help get us started on taming the remaining libraries
which as Kevin points out is the biggest outstanding problem deploying caja
at the moment.
Code review welcome.
Regards
Jasvir
On Fri, Jan 2, 2009 at 10:50 PM, Jasvir Nagra <ja...@google.com> wrote:
> Hi Matt,
>
> Comments inline below.
>
> On Fri, Jan 2, 2009 at 10:13 PM, Matthew Russell <
> matthew.russell@digitalreasoning.com> wrote:
>
>> I noticed that #2 and #3 in the code work if I wrap the code in a
>> gadgets.util.registerOnLoad handler, so I'm guessing those were probably
>> race conditions?
>>
>> Maybe #4 just isn't meant to be because "console" isn't on the white list,
>> which make sense for a production situation? I saw some stuff from googling
>> that suggests there may be a wrapper around console.log (log-to-console.js)
>> but I can't find it, nor can I find a nice clean doc on what it means to
>> "tame" a function like console.log. Still looking for one of those.
>>
> As for #1 - how do you "tame" gadgets.MiniMessage? I wouldn't think that if
>> you're using shindig you'd have to manually run the js source for a
>> "feature" through the cajole_gadget command line utility from caja's trunk,
>> but I'll give that a shot and see what happens...
>>
>
> For both #1 and #4 you've hit on exactly the reason. Caja uses a
> whitelisting approach and a function is not callable (nor are variables
> readable) unless the container -- in this case shindig -- whitelists it so.
> Taming is simply the whitelisting of particular functions and variables (it
> can be a bit more than that - for example, a library may wish to ensure that
> particular functions are only called with the right number and type of
> arguments or some other restriction -- the taming layer can enforce those
> constraints.)
>
> Currently the only feature library that is tamed is opensocial. You can
> see the taming at the bottom of features/opensocial-reference/container.js
> and whitelist console.log and any functions from minimessage there. The
> CajaContentRewriter explicitly calls opensocial.Container.enableCaja() which
> tames all of the functions listed there. Clearly this is not the right
> place to do this - each feature library will have its own idea of what
> functions should be callable and what the taming decisions should be but
> this is not something that we've fixed.
>
> I wouldn't think that if you're using shindig you'd have to manually run
>> the js source for a "feature" through the cajole_gadget command line utility
>> from caja's trunk, but I'll give that a shot and see what happens...
>>
>
> No you don't need to run anything manually - adding require caja like you
> did in your example ought to be sufficient. For example, taking
> javascript/samplecontainer/examples/SocialHelloWorld.xml and adding require
> caja should make it run cajoled.
>
> Sorry for the elementary questions...just trying to wrap my head around
>> this a bit more...
>>
>
> Its fine - its more a case of lack of documentation on our part. There's a
> non-Shindig specific description of setting up a container and taming here:
> http://code.google.com/p/google-caja/wiki/CajaHostingModules. I will add
> a better description specifically of taming to the wiki and post it here.
>
>
> Regards
> Jasvir
>
>
>>
>> On Jan 2, 2009, at 6:57 PM, Matthew Russell wrote:
>>
>> Hello,
>>>
>>> I've been doing some basic development with Shindig (HEAD), and just
>>> recently been trying to use Caja (versus just read about it.) I can't seem
>>> to find very good guidance on getting Caja to work with Shindig and gadgets,
>>> so I'm assuming it's probably supposed to be easier than I'm making it.
>>>
>>> So, I was wondering if I could get some help understanding why the
>>> following things do not work, and what I would do to get them to work. I've
>>> included a simple gadget below with the most basic things I could think of
>>> trying to do. If I can get a hand understanding what's going on here, I'll
>>> do what I can to help with docs in the way of short articles and such things
>>> since there doesn't seem to be many of those around these days.
>>>
>>> <?xml version="1.0" encoding="UTF-8" ?>
>>> <Module>
>>> <ModulePrefs title="Cajoled Gadgets Example">
>>> <Require feature="minimessage"/>
>>> <Require feature="opensocial-0.8"/>
>>> <Require feature="caja"/>
>>> </ModulePrefs>
>>> <Content type="html">
>>> <![CDATA[
>>> <script type="text/javascript">
>>>
>>> /*#1 - this doesn't work - get error about untamed function.
>>> how to tame it? should i be doing this manually?
>>> */
>>> //var msg = new gadgets.MiniMessage(__MODULE_ID__);
>>> //msg.createDismissibleMessage("hello?");
>>>
>>> /*#2 - this doesn't work either - get message about
>>> "x0__ being null" */
>>> //gadgets.util.registerOnLoadHandler(function() {
>>> // document.getElementById("foo").innerHTML = "bar";
>>> //});
>>>
>>> /*#3 -this doesn't work either - "this.node__ is undefined"
>>> */
>>> //var e = document.createElement("div");
>>> //e.innerHTML = "foobar";
>>> //document.appendChild(e);
>>>
>>> /*#4 nor does this work - "invalid instanceof operand
>>> result"*/
>>> console.log("hello?");
>>> </script>
>>> <div id="foo">hello?</div>
>>> ]]>
>>> </Content>
>>> </Module>
>>>
>>
>>
>
Re: using caja for the simplest possible gadgets not working for me
Posted by Jasvir Nagra <ja...@google.com>.
Hi Matt,
Comments inline below.
On Fri, Jan 2, 2009 at 10:13 PM, Matthew Russell <
matthew.russell@digitalreasoning.com> wrote:
> I noticed that #2 and #3 in the code work if I wrap the code in a
> gadgets.util.registerOnLoad handler, so I'm guessing those were probably
> race conditions?
>
> Maybe #4 just isn't meant to be because "console" isn't on the white list,
> which make sense for a production situation? I saw some stuff from googling
> that suggests there may be a wrapper around console.log (log-to-console.js)
> but I can't find it, nor can I find a nice clean doc on what it means to
> "tame" a function like console.log. Still looking for one of those.
>
As for #1 - how do you "tame" gadgets.MiniMessage? I wouldn't think that if
> you're using shindig you'd have to manually run the js source for a
> "feature" through the cajole_gadget command line utility from caja's trunk,
> but I'll give that a shot and see what happens...
>
For both #1 and #4 you've hit on exactly the reason. Caja uses a
whitelisting approach and a function is not callable (nor are variables
readable) unless the container -- in this case shindig -- whitelists it so.
Taming is simply the whitelisting of particular functions and variables (it
can be a bit more than that - for example, a library may wish to ensure that
particular functions are only called with the right number and type of
arguments or some other restriction -- the taming layer can enforce those
constraints.)
Currently the only feature library that is tamed is opensocial. You can see
the taming at the bottom of features/opensocial-reference/container.js and
whitelist console.log and any functions from minimessage there. The
CajaContentRewriter explicitly calls opensocial.Container.enableCaja() which
tames all of the functions listed there. Clearly this is not the right
place to do this - each feature library will have its own idea of what
functions should be callable and what the taming decisions should be but
this is not something that we've fixed.
I wouldn't think that if you're using shindig you'd have to manually run the
> js source for a "feature" through the cajole_gadget command line utility
> from caja's trunk, but I'll give that a shot and see what happens...
>
No you don't need to run anything manually - adding require caja like you
did in your example ought to be sufficient. For example, taking
javascript/samplecontainer/examples/SocialHelloWorld.xml and adding require
caja should make it run cajoled.
Sorry for the elementary questions...just trying to wrap my head around this
> a bit more...
>
Its fine - its more a case of lack of documentation on our part. There's a
non-Shindig specific description of setting up a container and taming here:
http://code.google.com/p/google-caja/wiki/CajaHostingModules. I will add a
better description specifically of taming to the wiki and post it here.
Regards
Jasvir
>
> On Jan 2, 2009, at 6:57 PM, Matthew Russell wrote:
>
> Hello,
>>
>> I've been doing some basic development with Shindig (HEAD), and just
>> recently been trying to use Caja (versus just read about it.) I can't seem
>> to find very good guidance on getting Caja to work with Shindig and gadgets,
>> so I'm assuming it's probably supposed to be easier than I'm making it.
>>
>> So, I was wondering if I could get some help understanding why the
>> following things do not work, and what I would do to get them to work. I've
>> included a simple gadget below with the most basic things I could think of
>> trying to do. If I can get a hand understanding what's going on here, I'll
>> do what I can to help with docs in the way of short articles and such things
>> since there doesn't seem to be many of those around these days.
>>
>> <?xml version="1.0" encoding="UTF-8" ?>
>> <Module>
>> <ModulePrefs title="Cajoled Gadgets Example">
>> <Require feature="minimessage"/>
>> <Require feature="opensocial-0.8"/>
>> <Require feature="caja"/>
>> </ModulePrefs>
>> <Content type="html">
>> <![CDATA[
>> <script type="text/javascript">
>>
>> /*#1 - this doesn't work - get error about untamed function.
>> how to tame it? should i be doing this manually?
>> */
>> //var msg = new gadgets.MiniMessage(__MODULE_ID__);
>> //msg.createDismissibleMessage("hello?");
>>
>> /*#2 - this doesn't work either - get message about
>> "x0__ being null" */
>> //gadgets.util.registerOnLoadHandler(function() {
>> // document.getElementById("foo").innerHTML = "bar";
>> //});
>>
>> /*#3 -this doesn't work either - "this.node__ is undefined"
>> */
>> //var e = document.createElement("div");
>> //e.innerHTML = "foobar";
>> //document.appendChild(e);
>>
>> /*#4 nor does this work - "invalid instanceof operand
>> result"*/
>> console.log("hello?");
>> </script>
>> <div id="foo">hello?</div>
>> ]]>
>> </Content>
>> </Module>
>>
>
>
Re: using caja for the simplest possible gadgets not working for me
Posted by Matthew Russell <ma...@digitalreasoning.com>.
I noticed that #2 and #3 in the code work if I wrap the code in a
gadgets.util.registerOnLoad handler, so I'm guessing those were
probably race conditions?
Maybe #4 just isn't meant to be because "console" isn't on the white
list, which make sense for a production situation? I saw some stuff
from googling that suggests there may be a wrapper around console.log
(log-to-console.js) but I can't find it, nor can I find a nice clean
doc on what it means to "tame" a function like console.log. Still
looking for one of those.
As for #1 - how do you "tame" gadgets.MiniMessage? I wouldn't think
that if you're using shindig you'd have to manually run the js source
for a "feature" through the cajole_gadget command line utility from
caja's trunk, but I'll give that a shot and see what happens...
Sorry for the elementary questions...just trying to wrap my head
around this a bit more...
On Jan 2, 2009, at 6:57 PM, Matthew Russell wrote:
> Hello,
>
> I've been doing some basic development with Shindig (HEAD), and just
> recently been trying to use Caja (versus just read about it.) I
> can't seem to find very good guidance on getting Caja to work with
> Shindig and gadgets, so I'm assuming it's probably supposed to be
> easier than I'm making it.
>
> So, I was wondering if I could get some help understanding why the
> following things do not work, and what I would do to get them to
> work. I've included a simple gadget below with the most basic
> things I could think of trying to do. If I can get a hand
> understanding what's going on here, I'll do what I can to help with
> docs in the way of short articles and such things since there
> doesn't seem to be many of those around these days.
>
> <?xml version="1.0" encoding="UTF-8" ?>
> <Module>
> <ModulePrefs title="Cajoled Gadgets Example">
> <Require feature="minimessage"/>
> <Require feature="opensocial-0.8"/>
> <Require feature="caja"/>
> </ModulePrefs>
> <Content type="html">
> <![CDATA[
> <script type="text/javascript">
>
> /*#1 - this doesn't work - get error about untamed
> function.
> how to tame it? should i be doing this
> manually? */
> //var msg = new gadgets.MiniMessage(__MODULE_ID__);
> //msg.createDismissibleMessage("hello?");
>
> /*#2 - this doesn't work either - get message about
> "x0__ being null" */
> //gadgets.util.registerOnLoadHandler(function() {
> // document.getElementById("foo").innerHTML = "bar";
> //});
>
> /*#3 -this doesn't work either - "this.node__ is
> undefined" */
> //var e = document.createElement("div");
> //e.innerHTML = "foobar";
> //document.appendChild(e);
>
> /*#4 nor does this work - "invalid instanceof operand
> result"*/
> console.log("hello?");
> </script>
> <div id="foo">hello?</div>
> ]]>
> </Content>
> </Module>
Re: using caja for the simplest possible gadgets not working for me
Posted by Kevin Brown <et...@google.com>.
On Fri, Jan 2, 2009 at 4:57 PM, Matthew Russell <
matthew.russell@digitalreasoning.com> wrote:
> Hello,
>
> I've been doing some basic development with Shindig (HEAD), and just
> recently been trying to use Caja (versus just read about it.) I can't seem
> to find very good guidance on getting Caja to work with Shindig and gadgets,
> so I'm assuming it's probably supposed to be easier than I'm making it.
>
> So, I was wondering if I could get some help understanding why the
> following things do not work, and what I would do to get them to work. I've
> included a simple gadget below with the most basic things I could think of
> trying to do. If I can get a hand understanding what's going on here, I'll
> do what I can to help with docs in the way of short articles and such things
> since there doesn't seem to be many of those around these days.
Some of these issues are shindig-related. Others should probably go to the
caja discussion list.
>
>
> <?xml version="1.0" encoding="UTF-8" ?>
> <Module>
> <ModulePrefs title="Cajoled Gadgets Example">
> <Require feature="minimessage"/>
> <Require feature="opensocial-0.8"/>
> <Require feature="caja"/>
> </ModulePrefs>
> <Content type="html">
> <![CDATA[
> <script type="text/javascript">
>
> /*#1 - this doesn't work - get error about untamed function.
> how to tame it? should i be doing this manually?
> */
> //var msg = new gadgets.MiniMessage(__MODULE_ID__);
> //msg.createDismissibleMessage("hello?");
At present, only the "opensocial-0.x" feature is tamed. A "tamed" function
is one that has been wrapped in a special way to indicate to caja that it is
safe for third parties to call it.
Taming the remaining libraries is the biggest outstanding problem with
deploying caja at the moment.
>
>
> /*#2 - this doesn't work either - get message about
> "x0__ being null" */
> //gadgets.util.registerOnLoadHandler(function() {
> // document.getElementById("foo").innerHTML = "bar";
> //});
>
> /*#3 -this doesn't work either - "this.node__ is undefined"
> */
> //var e = document.createElement("div");
> //e.innerHTML = "foobar";
> //document.appendChild(e);
>
> /*#4 nor does this work - "invalid instanceof operand
> result"*/
> console.log("hello?");
No idea on any of these last items.
>
> </script>
> <div id="foo">hello?</div>
> ]]>
> </Content>
> </Module>
>