你是说抄FB的JS跨域？

【 在 FreeWizard (  ) 的大作中提到: 】
//Google开始抄Facebook。

http://code.google.com/p/google-caja/

Using Caja, web apps can safely allow scripts in third party content.

The computer industry has only one significant success enabling documents to
carry active content safely: scripts in web pages. Normal users regularly
browse untrusted sites with Javascript turned on. Modulo browser bugs and
phishing, they mostly remain safe. But even though web apps build on this
success, they fail to provide its power. Web apps generally remove scripts
from third party content, reducing content to passive data. Examples include
webmail, groups, blogs, chat, docs and spreadsheets, wikis, and more.

Were scripts in an object-capability language, web apps could provide active
content safely, simply, and flexibly. Surprisingly, this is possible within
existing web standards. Caja represents our discovery that a subset of
Javascript is an object-capability language.
--
FROM 221.221.145.*