Posts tagged javascript in Jan, 2011
The code injected to steal passwords in Tunisia. Here’s the JavaScript that (presumably) the Tunisian government were injecting into login pages that were served over HTTP.
Why would someone browse the web with JavaScript disabled?
Security conscious users (who understand the implications of XSS and CSRF attacks) sometimes disable JavaScript completely, or use a tool like the NoScript extension to disable it for all sites and only re-enable it on a small whitelist of sites that they trust.
[... 67 words]
Display your events on your own website with Lanyrd Badges. We’ve launched badges for Lanyrd—JavaScript that lets you embed a top bar or a content “splat” showing events you plan to attend, talks you’ve given in the past and other various combinations. I’m quite pleased with the implementation—the badges are configured using classes on a link to your Lanyrd profile, and the badges themselves are served through a combination of Amazon CloudFront for the initial script and a Varnish cache for the badge data itself to keep things nice and snappy.
Are there any wikis that allow the use of JavaScript on wiki pages?
Such a wiki would be grossly insecure. That said, take a look at TiddlyWiki—it’s implemented entirely in client-side JavaScript and allows plugins to be implemented by pasting JavaScript into a textarea.
[... 53 words]
Why does Facebook chat use subdomains so aggressively?
Probably because it involves long-running connections. Browsers have a limit on the number of connections you can have open to the same domain at the same time (I think it’s 8 in most browsers these days). If Facebook chat opened a connection to www.facebook.com and you opened up 8 Facebook windows you would no longer be able to navigate to any more Facebook pages, since all 8 connections would be taken up by the long-lived chat connections. By connecting to a different subdomain for each connection this problem can be avoided.
[... 107 words]
What are the reasons that make jQuery more popular than MooTools?
MooTools is the only major JavaScript library that still thinks extending the prototype of built-in JavaScript objects is a good idea.
[... 44 words]
What are the JSON security concerns in web development?
Be very careful when implementing JSON-P for authenticated actions—evil third party sites could assemble URLs to your user’s private data and steal it. This attack has worked against Gmail in the past.
[... 203 words]