SlideShare a Scribd company logo

Re-Introduction to Third-party Scripting

B
benvinegar
Technology
1 of 58
Download to read offline
a re-introduction to third-party scripting techtalksTO Sunday, September 18, 2011
who invited this guy? • name’s ben • former torontonian • working at disqus in san francisco Sunday, September 18, 2011
DISQUS • dis·cuss • dĭ-skŭs' • third-party commenting platform • customers: CNN, MLB, IGN, and other exciting acronyms • 500 million visitors/month Sunday, September 18, 2011
third-party scripts Sunday, September 18, 2011
third-party scripts • js written by someone else • executing on your website • loaded from a remote server Sunday, September 18, 2011
third-party scripts Sunday, September 18, 2011
simple concept, powerful results Sunday, September 18, 2011
ad scripts Google AdSense (http://adsense.com) Sunday, September 18, 2011
analytics CrazyEgg (http://crazyegg.com) Sunday, September 18, 2011
embedded widgets Disqus (http://disqus.com) Sunday, September 18, 2011
widgets cont’d Guestlist (http://guestlistapp.com) Sunday, September 18, 2011
browser plugins Rapportive (http://rapportive.com) Sunday, September 18, 2011
js apis/sdks LinkedIn (http://developer.linkedin.com/javascript) Sunday, September 18, 2011
writing them != easy • operate in unknown, uncontrolled environment • shared DOM, globals • browser limitations • debugging remote sites is hard Sunday, September 18, 2011
the good news Sunday, September 18, 2011
it’s getting better • new browser features • newly discovered techniques (hacks) • powerful new open source libraries • published literature? Sunday, September 18, 2011
let’s take the tour Sunday, September 18, 2011
script loading Sunday, September 18, 2011
blocking includes • standard script includes block rendering • giving us a bad rep! • culprit: document.write Sunday, September 18, 2011
document.write Sunday, September 18, 2011
example: github gists Sunday, September 18, 2011
embedded gists Sunday, September 18, 2011
HTML5’s async attr Sunday, September 18, 2011
async-friendly insert Sunday, September 18, 2011
async browser support • Firefox 3.6+ • Chrome 7+ • Safari 5.0 • IE 10 (!) • Notably absent: Opera Sunday, September 18, 2011
dynamic script creation Sunday, September 18, 2011
first impressions count • hard to get website owners to update their script includes • people are still using blocking disqus include (deprecated mid-2009) • who still uses blocking GA include? Sunday, September 18, 2011
shared environment Sunday, September 18, 2011
global collisions • unknown scripts executing on same page • may introduce conflicting variables • DOM queries may inadvertently select your elements (or vice versa) Sunday, September 18, 2011
namespace your js! Sunday, September 18, 2011
bonus points: html • id=”dsq-comment-8” • class=”dsq-comment” • data-dsq-username=”jimbob” • Bad: class=”dsq-comment active” Sunday, September 18, 2011
js libs • you should use ‘em • what if they already exist on the page? Sunday, September 18, 2011
$.noConflict • utility method for assigning jQuery global ($) to a variable • great for namespacing • becoming a standard pattern Sunday, September 18, 2011
libs w/ noConflict • LABjs • Underscore.js • Backbone.js • Ender.js and its assoc. microlibs • easyXDM Sunday, September 18, 2011
destructive libs Sunday, September 18, 2011
sandboxing • run your code inside a src-less iframe • clean js environment • no global state leak Sunday, September 18, 2011
twitter @anywhere • twitter widget library • supports multiple lib versions/ instances per page • each version is sandboxed in a separate iframe Sunday, September 18, 2011
twitter @anywhere iframe A iframe B Sunday, September 18, 2011
hiro.js • QUnit-like js testing library • each test suite runs in a new iframe • optional: seed iframe environment Hiro (http://github.com/antonkovalyov/hiro) Sunday, September 18, 2011
ajax Sunday, September 18, 2011
cross-domain ajax • can’t initiate XmlHttpRequest from foo.com to bar.com • same-origin policy (host, port, protocol) • subdomains a ected too Sunday, September 18, 2011
w/o same-origin pol. • What if I hosted a page with the following ... Sunday, September 18, 2011
CORS • Cross-Origin Resource Sharing • special http headers that permit XD access to resources • W3C working draft • Firefox 3.5+, Chrome 3+, Safari 4+, IE8+ Sunday, September 18, 2011
CORS headers Cors Example (http://saltybeagle.com/cors) Sunday, September 18, 2011
JSONP • load JSON using <script> elements • script element bypasses same-origin policy • built-in helpers in most js frameworks Sunday, September 18, 2011
JSONP example Sunday, September 18, 2011
JSONP example Sunday, September 18, 2011
JSONP cont’d • only supports GET requests • script loading can’t detect 400, 500 errors (rely on timeouts) • caching complications when generating new response each time Sunday, September 18, 2011
postMessage • HTML5 API for cross-window communication • works with iframes, new windows • Firefox 3+, Safari 4+, Chrome (all), IE8+ Sunday, September 18, 2011
postMessage foo.com bar.com Sunday, September 18, 2011
iframe tunnels foo.com postMessage bar.com/ xhr tunnel.html bar.com/api Sunday, September 18, 2011
easyXDM • postMessage-like API for window objs • uses Flash, obscure transport protocols when postMessage is n/a • wider browser support • Disqus, Twitter, Scribd, LinkedIn ... easyXDM (http://easyxdm.net) Sunday, September 18, 2011
debugging Sunday, September 18, 2011
how do you debug this mess? Sunday, September 18, 2011
switches • serve unminified js for specific sites, users* Sunday, September 18, 2011
proxies • send all http tra c to a proxy server • rewrite production urls • from widget.com to ... • localhost • staging.widget.com • newfeature.staging.widget.com Sunday, September 18, 2011
wrapping up Sunday, September 18, 2011
thanks • @bentlegen • disqus is hiring js/python/django in san francisco • (canadians welcome) • book coming early 2018 Sunday, September 18, 2011

Recommended

Modern iframe programming
Modern iframe programmingModern iframe programming
Modern iframe programmingbenvinegar
 
Apcug 2011 07-17-intro_to_drupal_jeff_schuler
Apcug 2011 07-17-intro_to_drupal_jeff_schulerApcug 2011 07-17-intro_to_drupal_jeff_schuler
Apcug 2011 07-17-intro_to_drupal_jeff_schulerhewie
 
Happiness vs. Riches
Happiness vs. RichesHappiness vs. Riches
Happiness vs. Richesbostonsteamer
 
Keller module13
Keller module13Keller module13
Keller module13erikkaa
 
Borrador m.c sp
Borrador m.c spBorrador m.c sp
Borrador m.c spJuan Francisco Alvarez Illanes
 
A Re-Introduction to Third-Party Scripting
A Re-Introduction to Third-Party ScriptingA Re-Introduction to Third-Party Scripting
A Re-Introduction to Third-Party Scriptingbenvinegar
 
Building Distributed JavaScript Widgets with jQuery
Building Distributed JavaScript Widgets with jQueryBuilding Distributed JavaScript Widgets with jQuery
Building Distributed JavaScript Widgets with jQuerybenvinegar
 
2011 june-kuala-lumpur-gtug-hackathon
2011 june-kuala-lumpur-gtug-hackathon2011 june-kuala-lumpur-gtug-hackathon
2011 june-kuala-lumpur-gtug-hackathonikailan
 

Recommended

Modern iframe programming
Modern iframe programmingModern iframe programming
Modern iframe programmingbenvinegar
 
Apcug 2011 07-17-intro_to_drupal_jeff_schuler
Apcug 2011 07-17-intro_to_drupal_jeff_schulerApcug 2011 07-17-intro_to_drupal_jeff_schuler
Apcug 2011 07-17-intro_to_drupal_jeff_schulerhewie
 
Happiness vs. Riches
Happiness vs. RichesHappiness vs. Riches
Happiness vs. Richesbostonsteamer
 
Keller module13
Keller module13Keller module13
Keller module13erikkaa
 
Borrador m.c sp
Borrador m.c spBorrador m.c sp
Borrador m.c spJuan Francisco Alvarez Illanes
 
A Re-Introduction to Third-Party Scripting
A Re-Introduction to Third-Party ScriptingA Re-Introduction to Third-Party Scripting
A Re-Introduction to Third-Party Scriptingbenvinegar
 
Building Distributed JavaScript Widgets with jQuery
Building Distributed JavaScript Widgets with jQueryBuilding Distributed JavaScript Widgets with jQuery
Building Distributed JavaScript Widgets with jQuerybenvinegar
 
2011 june-kuala-lumpur-gtug-hackathon
2011 june-kuala-lumpur-gtug-hackathon2011 june-kuala-lumpur-gtug-hackathon
2011 june-kuala-lumpur-gtug-hackathonikailan
 
Capitol js
Capitol jsCapitol js
Capitol jsBrendan Eich
 
Symfony2: Get your project started
Symfony2: Get your project startedSymfony2: Get your project started
Symfony2: Get your project startedRyan Weaver
 
AFNetworking
AFNetworking AFNetworking
AFNetworking joaopmaia
 
Pocket Knife JS
Pocket Knife JSPocket Knife JS
Pocket Knife JSDiogo Antunes
 
Intro to HTML5 Game Programming
Intro to HTML5 Game ProgrammingIntro to HTML5 Game Programming
Intro to HTML5 Game ProgrammingJames Williams
 
Iwmn architecture
Iwmn architectureIwmn architecture
Iwmn architectureLenz Gschwendtner
 
Modularizing your Grails Application with Private Plugins - SpringOne 2GX 2012
Modularizing your Grails Application with Private Plugins - SpringOne 2GX 2012Modularizing your Grails Application with Private Plugins - SpringOne 2GX 2012
Modularizing your Grails Application with Private Plugins - SpringOne 2GX 2012kennethaliu
 
HTML5, are we there yet?
HTML5, are we there yet?HTML5, are we there yet?
HTML5, are we there yet?Ovidiu Dimulescu
 
Sean coates fifty things and tricks, confoo 2011
Sean coates fifty things and tricks, confoo 2011Sean coates fifty things and tricks, confoo 2011
Sean coates fifty things and tricks, confoo 2011Bachkoutou Toutou
 
eZ Publish nextgen
eZ Publish nextgeneZ Publish nextgen
eZ Publish nextgenJérôme Vieilledent
 
Front end for back end developers
Front end for back end developersFront end for back end developers
Front end for back end developersWojciech Bednarski
 
Intridea & open source
Intridea & open sourceIntridea & open source
Intridea & open sourceDaniel Lv
 
HTML5 and Sencha Touch
HTML5 and Sencha TouchHTML5 and Sencha Touch
HTML5 and Sencha TouchPatrick Sheridan
 
DjangoSki
DjangoSkiDjangoSki
DjangoSkiBrian LeRoux
 
Toolset of Beansmile
Toolset of BeansmileToolset of Beansmile
Toolset of Beansmileleondu
 
Web API's World
Web API's WorldWeb API's World
Web API's WorldMichele Zonca
 
Creating a Global E-Commerce Website With E-Business Suite and Fusion Middleware
Creating a Global E-Commerce Website With E-Business Suite and Fusion MiddlewareCreating a Global E-Commerce Website With E-Business Suite and Fusion Middleware
Creating a Global E-Commerce Website With E-Business Suite and Fusion MiddlewareBrian Huff
 
WordPress Gallery Themes & Plugins
WordPress Gallery Themes & PluginsWordPress Gallery Themes & Plugins
WordPress Gallery Themes & PluginsNoel Saw
 
KubeSecOps
KubeSecOpsKubeSecOps
KubeSecOpsKarthik Gaekwad
 
Integrating ECM (WebCenter Content) with your Enterprise! 5 Tips to Try, 5 Tr...
Integrating ECM (WebCenter Content) with your Enterprise! 5 Tips to Try, 5 Tr...Integrating ECM (WebCenter Content) with your Enterprise! 5 Tips to Try, 5 Tr...
Integrating ECM (WebCenter Content) with your Enterprise! 5 Tips to Try, 5 Tr...Brian Huff
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 

More Related Content

Similar to Re-Introduction to Third-party Scripting

Symfony2: Get your project started
Symfony2: Get your project startedSymfony2: Get your project started
Symfony2: Get your project startedRyan Weaver
 
AFNetworking
AFNetworking AFNetworking
AFNetworking joaopmaia
 
Intro to HTML5 Game Programming
Intro to HTML5 Game ProgrammingIntro to HTML5 Game Programming
Intro to HTML5 Game ProgrammingJames Williams
 
Modularizing your Grails Application with Private Plugins - SpringOne 2GX 2012
Modularizing your Grails Application with Private Plugins - SpringOne 2GX 2012Modularizing your Grails Application with Private Plugins - SpringOne 2GX 2012
Modularizing your Grails Application with Private Plugins - SpringOne 2GX 2012kennethaliu
 
Sean coates fifty things and tricks, confoo 2011
Sean coates fifty things and tricks, confoo 2011Sean coates fifty things and tricks, confoo 2011
Sean coates fifty things and tricks, confoo 2011Bachkoutou Toutou
 
Front end for back end developers
Front end for back end developersFront end for back end developers
Front end for back end developersWojciech Bednarski
 
Intridea & open source
Intridea & open sourceIntridea & open source
Intridea & open sourceDaniel Lv
 
Toolset of Beansmile
Toolset of BeansmileToolset of Beansmile
Toolset of Beansmileleondu
 
Creating a Global E-Commerce Website With E-Business Suite and Fusion Middleware
Creating a Global E-Commerce Website With E-Business Suite and Fusion MiddlewareCreating a Global E-Commerce Website With E-Business Suite and Fusion Middleware
Creating a Global E-Commerce Website With E-Business Suite and Fusion MiddlewareBrian Huff
 
WordPress Gallery Themes & Plugins
WordPress Gallery Themes & PluginsWordPress Gallery Themes & Plugins
WordPress Gallery Themes & PluginsNoel Saw
 
Integrating ECM (WebCenter Content) with your Enterprise! 5 Tips to Try, 5 Tr...
Integrating ECM (WebCenter Content) with your Enterprise! 5 Tips to Try, 5 Tr...Integrating ECM (WebCenter Content) with your Enterprise! 5 Tips to Try, 5 Tr...
Integrating ECM (WebCenter Content) with your Enterprise! 5 Tips to Try, 5 Tr...Brian Huff
 

Similar to Re-Introduction to Third-party Scripting (20)

Capitol js
Capitol jsCapitol js
Capitol js
 
Symfony2: Get your project started
Symfony2: Get your project startedSymfony2: Get your project started
Symfony2: Get your project started
 
AFNetworking
AFNetworking AFNetworking
AFNetworking
 
Pocket Knife JS
Pocket Knife JSPocket Knife JS
Pocket Knife JS
 
Intro to HTML5 Game Programming
Intro to HTML5 Game ProgrammingIntro to HTML5 Game Programming
Intro to HTML5 Game Programming
 
Iwmn architecture
Iwmn architectureIwmn architecture
Iwmn architecture
 
Modularizing your Grails Application with Private Plugins - SpringOne 2GX 2012
Modularizing your Grails Application with Private Plugins - SpringOne 2GX 2012Modularizing your Grails Application with Private Plugins - SpringOne 2GX 2012
Modularizing your Grails Application with Private Plugins - SpringOne 2GX 2012
 
HTML5, are we there yet?
HTML5, are we there yet?HTML5, are we there yet?
HTML5, are we there yet?
 
Sean coates fifty things and tricks, confoo 2011
Sean coates fifty things and tricks, confoo 2011Sean coates fifty things and tricks, confoo 2011
Sean coates fifty things and tricks, confoo 2011
 
eZ Publish nextgen
eZ Publish nextgeneZ Publish nextgen
eZ Publish nextgen
 
Front end for back end developers
Front end for back end developersFront end for back end developers
Front end for back end developers
 
Intridea & open source
Intridea & open sourceIntridea & open source
Intridea & open source
 
HTML5 and Sencha Touch
HTML5 and Sencha TouchHTML5 and Sencha Touch
HTML5 and Sencha Touch
 
DjangoSki
DjangoSkiDjangoSki
DjangoSki
 
Toolset of Beansmile
Toolset of BeansmileToolset of Beansmile
Toolset of Beansmile
 
Web API's World
Web API's WorldWeb API's World
Web API's World
 
Creating a Global E-Commerce Website With E-Business Suite and Fusion Middleware
Creating a Global E-Commerce Website With E-Business Suite and Fusion MiddlewareCreating a Global E-Commerce Website With E-Business Suite and Fusion Middleware
Creating a Global E-Commerce Website With E-Business Suite and Fusion Middleware
 
WordPress Gallery Themes & Plugins
WordPress Gallery Themes & PluginsWordPress Gallery Themes & Plugins
WordPress Gallery Themes & Plugins
 
KubeSecOps
KubeSecOpsKubeSecOps
KubeSecOps
 
Integrating ECM (WebCenter Content) with your Enterprise! 5 Tips to Try, 5 Tr...
Integrating ECM (WebCenter Content) with your Enterprise! 5 Tips to Try, 5 Tr...Integrating ECM (WebCenter Content) with your Enterprise! 5 Tips to Try, 5 Tr...
Integrating ECM (WebCenter Content) with your Enterprise! 5 Tips to Try, 5 Tr...
 

Recently uploaded

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 

Re-Introduction to Third-party Scripting

  • 1. a re-introduction to third-party scripting techtalksTO Sunday, September 18, 2011
  • 2. who invited this guy? • name’s ben • former torontonian • working at disqus in san francisco Sunday, September 18, 2011
  • 3. DISQUS • dis·cuss • dĭ-skŭs' • third-party commenting platform • customers: CNN, MLB, IGN, and other exciting acronyms • 500 million visitors/month Sunday, September 18, 2011
  • 5. third-party scripts • js written by someone else • executing on your website • loaded from a remote server Sunday, September 18, 2011
  • 7. simple concept, powerful results Sunday, September 18, 2011
  • 8. ad scripts Google AdSense (http://adsense.com) Sunday, September 18, 2011
  • 9. analytics CrazyEgg (http://crazyegg.com) Sunday, September 18, 2011
  • 10. embedded widgets Disqus (http://disqus.com) Sunday, September 18, 2011
  • 11. widgets cont’d Guestlist (http://guestlistapp.com) Sunday, September 18, 2011
  • 12. browser plugins Rapportive (http://rapportive.com) Sunday, September 18, 2011
  • 13. js apis/sdks LinkedIn (http://developer.linkedin.com/javascript) Sunday, September 18, 2011
  • 14. writing them != easy • operate in unknown, uncontrolled environment • shared DOM, globals • browser limitations • debugging remote sites is hard Sunday, September 18, 2011
  • 15. the good news Sunday, September 18, 2011
  • 16. it’s getting better • new browser features • newly discovered techniques (hacks) • powerful new open source libraries • published literature? Sunday, September 18, 2011
  • 17. let’s take the tour Sunday, September 18, 2011
  • 19. blocking includes • standard script includes block rendering • giving us a bad rep! • culprit: document.write Sunday, September 18, 2011
  • 21. example: github gists Sunday, September 18, 2011
  • 23. HTML5’s async attr Sunday, September 18, 2011
  • 25. async browser support • Firefox 3.6+ • Chrome 7+ • Safari 5.0 • IE 10 (!) • Notably absent: Opera Sunday, September 18, 2011
  • 26. dynamic script creation Sunday, September 18, 2011
  • 27. first impressions count • hard to get website owners to update their script includes • people are still using blocking disqus include (deprecated mid-2009) • who still uses blocking GA include? Sunday, September 18, 2011
  • 29. global collisions • unknown scripts executing on same page • may introduce conflicting variables • DOM queries may inadvertently select your elements (or vice versa) Sunday, September 18, 2011
  • 30. namespace your js! Sunday, September 18, 2011
  • 31. bonus points: html • id=”dsq-comment-8” • class=”dsq-comment” • data-dsq-username=”jimbob” • Bad: class=”dsq-comment active” Sunday, September 18, 2011
  • 32. js libs • you should use ‘em • what if they already exist on the page? Sunday, September 18, 2011
  • 33. $.noConflict • utility method for assigning jQuery global ($) to a variable • great for namespacing • becoming a standard pattern Sunday, September 18, 2011
  • 34. libs w/ noConflict • LABjs • Underscore.js • Backbone.js • Ender.js and its assoc. microlibs • easyXDM Sunday, September 18, 2011
  • 36. sandboxing • run your code inside a src-less iframe • clean js environment • no global state leak Sunday, September 18, 2011
  • 37. twitter @anywhere • twitter widget library • supports multiple lib versions/ instances per page • each version is sandboxed in a separate iframe Sunday, September 18, 2011
  • 38. twitter @anywhere iframe A iframe B Sunday, September 18, 2011
  • 39. hiro.js • QUnit-like js testing library • each test suite runs in a new iframe • optional: seed iframe environment Hiro (http://github.com/antonkovalyov/hiro) Sunday, September 18, 2011
  • 41. cross-domain ajax • can’t initiate XmlHttpRequest from foo.com to bar.com • same-origin policy (host, port, protocol) • subdomains a ected too Sunday, September 18, 2011
  • 42. w/o same-origin pol. • What if I hosted a page with the following ... Sunday, September 18, 2011
  • 43. CORS • Cross-Origin Resource Sharing • special http headers that permit XD access to resources • W3C working draft • Firefox 3.5+, Chrome 3+, Safari 4+, IE8+ Sunday, September 18, 2011
  • 44. CORS headers Cors Example (http://saltybeagle.com/cors) Sunday, September 18, 2011
  • 45. JSONP • load JSON using <script> elements • script element bypasses same-origin policy • built-in helpers in most js frameworks Sunday, September 18, 2011
  • 48. JSONP cont’d • only supports GET requests • script loading can’t detect 400, 500 errors (rely on timeouts) • caching complications when generating new response each time Sunday, September 18, 2011
  • 49. postMessage • HTML5 API for cross-window communication • works with iframes, new windows • Firefox 3+, Safari 4+, Chrome (all), IE8+ Sunday, September 18, 2011
  • 50. postMessage foo.com bar.com Sunday, September 18, 2011
  • 51. iframe tunnels foo.com postMessage bar.com/ xhr tunnel.html bar.com/api Sunday, September 18, 2011
  • 52. easyXDM • postMessage-like API for window objs • uses Flash, obscure transport protocols when postMessage is n/a • wider browser support • Disqus, Twitter, Scribd, LinkedIn ... easyXDM (http://easyxdm.net) Sunday, September 18, 2011
  • 54. how do you debug this mess? Sunday, September 18, 2011
  • 55. switches • serve unminified js for specific sites, users* Sunday, September 18, 2011
  • 56. proxies • send all http tra c to a proxy server • rewrite production urls • from widget.com to ... • localhost • staging.widget.com • newfeature.staging.widget.com Sunday, September 18, 2011
  • 58. thanks • @bentlegen • disqus is hiring js/python/django in san francisco • (canadians welcome) • book coming early 2018 Sunday, September 18, 2011