Support for extending script tags to support other languages via translation

Script tags support a language attribute which causes a different language interpreter
to be used on the contents of the script block.  This increases the attack surface that
needs to be understood.  An alternative is to translate source languages into a single
or a small number of target languages which can then be understood and secured.

This mechanism would also be useful to simplify the composition of a web page that has
a mix of trusted (that needs to be innocent-transformed) code and untrusted (that needs
to be cajoled) as well as allow a page to be coded in a mix of langauges (e2js, caja,
gwt, flapjacks).

[Jasvir, 2010-06-03 21:27:07]

This change still has a lot of sharp corners.  Feedback appreciated.

[MarkM, 2010-06-03 21:38:59]

http://codereview.appspot.com/1529041/diff/1/2
File src/com/google/caja/service/extended.js (right):

http://codereview.appspot.com/1529041/diff/1/2#newcode53
src/com/google/caja/service/extended.js:53: *   LANG_URL (1 & 2) = is the uri of
the language and when treated as a url, points to the webservice translator
Please reformat to 80 columns and snapshot again. Thanks.

[Jasvir, 2010-06-03 22:31:30]

Done

[Jasvir, 2011-01-31 23:05:28]

Retracting the CL - a lot of issues and no clear benefit.

On 2010/06/03 22:31:30, jasvir wrote:
> Done