Caja: Capability model for javascript

This could be one of the coolest things to come along in a while.  I heard it mentioned at OWASP and then just found an article on Financial Cryptography about it as well.

FYI, wikipedia article on Capability-based security

Links » Caja: Capability Javascript

...rather than modify Javascript, we restrict it to a large subset. This means that a Caja program will run without modification on a standard Javascript interpreter - though it won’t be secure, of course! When it is compiled then, like CaPerl, the result is standard Javascript that enforces capability security. What does this mean? It means that Web apps can embed untrusted third party code without concern that it might compromise either the application’s or the user’s security.