Simon Willison’s Weblog

Items tagged javascript in Jan, 2011


The code injected to steal passwords in Tunisia. Here’s the JavaScript that (presumably) the Tunisian government were injecting into login pages that were served over HTTP. # 24th January 2011, 6:45 pm

Why would someone browse the web with JavaScript disabled?

Security-conscious users (who understand the implications of XSS and CSRF attacks) sometimes disable JavaScript completely, or use a tool like the NoScript extension to disable it for all sites and only re-enable it on a small whitelist of sites that they trust.

[... 67 words]

Display your events on your own website with Lanyrd Badges. We’ve launched badges for Lanyrd—JavaScript that lets you embed a top bar or a content “splat” showing events you plan to attend, talks you’ve given in the past and other various combinations. I’m quite pleased with the implementation—the badges are configured using classes on a link to your Lanyrd profile, and the badges themselves are served through a combination of Amazon CloudFront for the initial script and a Varnish cache for the badge data itself to keep things nice and snappy. # 13th January 2011, 8:38 pm

Are there any wikis that allow the use of JavaScript on wiki pages?

Such a wiki would be grossly insecure. That said, take a look at TiddlyWiki—it’s implemented entirely in client-side JavaScript and allows plugins to be implemented by pasting JavaScript into a textarea.

[... 53 words]

Why does Facebook chat use subdomains so aggressively?

Probably because it involves long-running connections. Browsers have a limit on the number of connections you can have open to the same domain at the same time (I think it’s 8 in most browsers these days). If Facebook chat opened a connection to www.facebook.com and you opened up 8 Facebook windows you would no longer be able to navigate to any more Facebook pages, since all 8 connections would be taken up by the long-lived chat connections. By connecting to a different subdomain for each connection this problem can be avoided.

[... 107 words]

What are the reasons that make jQuery more popular than MooTools?

MooTools is the only major JavaScript library that still thinks extending the prototype of built-in JavaScript objects is a good idea.

[... 44 words]

What are the JSON security concerns in web development?

Be very careful when implementing JSON-P for authenticated actions—evil third-party sites could assemble URLs to your user’s private data and steal it. This attack has worked against Gmail in the past.

[... 203 words]