It doesn't help in this case, since an attacker can just insert plain old JS. Caja (and similar things) only help for code you can actually put through the Cajoler.

It's still a good, if imperfect, solution for other use-cases.