On Tuesday I saw Lon Ingram speak on Treehouse (at Austin JS) which is a JavaScript project that attempts to allow one to run external JavaScript libraries safely. Many external JavaScript libraries which run at URLs a user doesn't control which seem innocuous may in fact be sinister and place a 1 by 1 .gif image at your site with sensitive data collected from your local environment in get variables in the path to image. The analytics back at the site hosting the tiny image record the get variables and, voilà, another party has your information. Treehouse tries to find this sort of manipulation. Mr. Ingram did admit that it has its shortcomings however.
Things Austin JS peeps talk about that I found interesting:
- A Web Worker offers a way to run a .js script in a sandbox independent of a browser thread. Chrome and IE10 support debugging Web Workers. Web Workers run significantly slower than regular browser threads.
- DOM Nodes (In the DOM, everything in an HTML document is a node.)
- XHRs
- FRAG tags - The idea behind this “document fragment” tag is that it be used to wrap 3rd party content – ads, widgets, and analytics.
- SpiderMonkey (Mozilla's JavaScript engine)
No comments:
Post a Comment