iframe programming with jquery jquery Summit 2011

Similar documents
User Interaction: jquery

RKN 2015 Application Layer Short Summary

UNIT 3 SECTION 1 Answer the following questions Q.1: What is an editor? editor editor Q.2: What do you understand by a web browser?

Jquery.ajax Call Returns Status Code Of 200 But Fires Jquery Error

Index. Ray Nicholus 2016 R. Nicholus, Beyond jquery, DOI /

CSP ODDITIES. Michele Spagnuolo Lukas Weichselbaum

AJAX: From the Client-side with JavaScript, Back to the Server

Browser code isolation

Content Security Policy

October 08: Introduction to Web Security

JavaScript Specialist v2.0 Exam 1D0-735

Comprehensive AngularJS Programming (5 Days)

AJAX: Rich Internet Applications

JavaScript. The Bad Parts. Patrick Behr

AngularJS Fundamentals

Origin Policy Enforcement in Modern Browsers

Sandboxing JavaScript. Lieven Desmet iminds-distrinet, KU Leuven OWASP BeNeLux Days 2012 (29/11/2012, Leuven) DistriNet


TIME SCHEDULE MODULE TOPICS PERIODS. HTML Document Object Model (DOM) and javascript Object Notation (JSON)

UI Course HTML: (Html, CSS, JavaScript, JQuery, Bootstrap, AngularJS) Introduction. The World Wide Web (WWW) and history of HTML

jquery and AJAX

Part 1: jquery & History of DOM Scripting

CSE 484 / CSE M 584: Computer Security and Privacy. Web Security. Autumn Tadayoshi (Yoshi) Kohno

last time: command injection

Comet and WebSocket Web Applications How to Scale Server-Side Event-Driven Scenarios

Extending the Web Security Model with Information Flow Control

To assign a name to a frame, add the name attribute to the frame tag. The syntax for this attribute is: <frame src= url name= name />

Client-side Debugging. Gary Bettencourt

JavaScript CS 4640 Programming Languages for Web Applications

Client Side JavaScript and AJAX

JavaScript Programming

Module 5 JavaScript, AJAX, and jquery. Module 5. Module 5 Contains an Individual and Group component

Varargs Training & Software Development Centre Private Limited, Module: HTML5, CSS3 & JavaScript

JavaScript components

Part of this connection identifies how the response can / should be provided to the client code via the use of a callback routine.

ENRICHING PRIMO RECORDS WITH INFORMATION FROM WORDPRESS. Karsten Kryger Hansen Aalborg University Library

JavaScript Fundamentals_

Extending the browser to secure applications

CITS1231 Web Technologies. Ajax and Web 2.0 Turning clunky website into interactive mashups

AJAX. Lab. de Bases de Dados e Aplicações Web MIEIC, FEUP 2010/11. Sérgio Nunes

Standard 1 The student will author web pages using the HyperText Markup Language (HTML)

Modern client-side defenses. Deian Stefan

Web Engineering (CC 552)

CSE361 Web Security. Attacks against the client-side of web applications. Nick Nikiforakis

THE PRAGMATIC INTRO TO REACT. Clayton Anderson thebhwgroup.com WEB AND MOBILE APP DEVELOPMENT AUSTIN, TX

Content Security Policy

Brief Intro to Firebug Sukwon Oh CSC309, Summer 2015

W3Conf, November 15 & 16, Brad Scott

Match the attack to its description:

django-sticky-uploads Documentation

Jquery Manually Set Checkbox Checked Or Not

Events & Callbacks (ESaaS 6.5)! 2013 Armando Fox & David Patterson, all rights reserved

Web API Lab. The next two deliverables you shall write yourself.

Exploiting unknown browsers and objects. with the Hackability inspector

CSCE 120: Learning To Code

Build Native-like Experiences in HTML5

CS 498RK FALL RESTFUL APIs

Module 5: Javascript, Cookies COM 420

Virtual machines (e.g., VMware)

5. Strict mode use strict ; 6. Statement without semicolon, with semicolon 7. Keywords 8. Variables var keyword and global scope variable 9.

Implementing Oath s CMP JS

The Eval that Men Do

JavaScript CS 4640 Programming Languages for Web Applications

IMY 110 Theme 11 HTML Frames

this is a cat CS50 Quiz 1 Review

Simple AngularJS thanks to Best Practices

Master Project Software Engineering: Team-based Development WS 2010/11

Jquery Ajax Json Php Mysql Data Entry Example

A Guide to Liv-ex Software Development Kit (SDK)

Enterprise Web Development

Adding Frames. In This Chapter

Human-Computer Interaction Design

Say goodbye to the pains of Ajax. Yibo

Slide 1: Developer Preview

django-baton Documentation

The Structure of the Web. Jim and Matthew

Web Development & Design Foundations with HTML5, 8 th Edition Instructor Materials Chapter 14 Test Bank

AJAX ASYNCHRONOUS JAVASCRIPT AND XML. Laura Farinetti - DAUIN

Javascript. Many examples from Kyle Simpson: Scope and Closures

State of the Open Web. Brad Neuberg, Google

Programming for Digital Media. Lecture 7 JavaScript By: A. Mousavi and P. Broomhead SERG, School of Engineering Design, Brunel University, UK

,

THE NEW ERA OF WEB DEVELOPMENT. qooxdoo. Andreas Ecker, Derrell Lipman

JavaScript Performance QCon San Francisco, Nov 8, 2012

Full Stack Developer with Java

WHITEPAPER APRIL 2018 THE DEFINITIVE GUIDE TO SAME-ORIGIN POLICY. Alex Baker, Ziyahan Albeniz, Emre İyidogan

JS Event Loop, Promises, Async Await etc. Slava Kim

Module 5 JavaScript, AJAX, and jquery. Module 5. Module 5 Contains 2 components

FIREFLY ARCHITECTURE: CO-BROWSING AT SCALE FOR THE ENTERPRISE

PHP / MYSQL DURATION: 2 MONTHS

JavaScript. What s wrong with JavaScript?


CS50 Quiz Review. November 13, 2017

pynetworktables2js Documentation

RailsConf Europe 2008 Juggernaut Realtime Rails. Alex MacCaw and Stuart Eccles

Design Document V2 ThingLink Startup

Session 18. jquery - Ajax. Reference. Tutorials. jquery Methods. Session 18 jquery and Ajax 10/31/ Robert Kelly,

KonaKart Shopping Widgets. 3rd January DS Data Systems (UK) Ltd., 9 Little Meadow Loughton, Milton Keynes Bucks MK5 8EH UK

ThingLink User Guide. Andy Chen Eric Ouyang Giovanni Tenorio Ashton Yon

Welcome to CS50 section! This is Week 10 :(

Transcription:

iframe programming with jquery jquery Summit 2011

who invited this guy? name s ben strange last name work at disqus co-author, Third-party JavaScript

disqus? dis cuss dĭ-skŭs' third-party commenting platform served on a bajillion sites we use our fair share of iframes

first, some history

frames

frames introduced in netscape navigator 2.0 (1996) standardized in html 4 frameset, frame, noframes... but obsolete in html5 (!)

iframes

iframes introduced in internet explorer 4.0 (1997) inline frame not going anywhere (part of html5 spec)

more than just embedding content

src-less frames

src-less frames separate window, DOM environment property access from parent contents load independently

restoring default browser objects

default objects undefined window JSON #tostring #indexof

default objects they can be modified - by anyone often in incompatible ways painful for third-party scripts

undefined

prototype & tojson

prototype & tojson

safari & chrome

using iframes

IE < 9

not web scale

sandboxing

sandboxing instead of taking objects/code out of an iframe, put it inside execute in clean js environment no global state leak

jquery sandbox

who s doing this?

twitter @anywhere twitter widget library supports multiple lib versions/ instances per page each version is sandboxed in a separate iframe dev.twitter.com/anywhere

twitter @anywhere iframe A iframe B

hiro.js QUnit-like testing library each test suite runs in a new iframe optional: seed iframe environment http://hirojs.com

asynchronous script loading

remember... stuff inside an iframe loads asynchronously Souders says so! still slower than other methods (script append, xhr)

iframes = slow

making synchronous scripts... async

document.write sometimes necessary evil doesn t work with async scripts you ll overwrite the whole page!

async + doc.write doesn t mix

doc.write w/ iframes tiny, synchronous outer script (outer.js) outer.js doc.writes an iframe, and loads inner.js from inside inner.js can doc.write all it wants; iframe contents load async

outer.js

google adsense http://bit.ly/google-iframe-async

cross-domain tunnels

cross-domain ajax it doesn t work affects subdomains too www.example.com can t reach api.example.com, or vice versa

universal solution: JSONP

JSONP

JSONP

JSONP script tag element bypasses same-origin policy restricted to GET requests script loading can t detect 400, 500 errors (rely on timeouts) caching is also tricky

alternatively, tunnels

xd tunnels host page creates iframe that points to url on target domain iframe can freely make xhr requests host page initiates requests through iframe

xd tunnels foo.com bar.com/ tunnel.html xhr bar.com/api

another wall how does host page communicate with iframe? same-origin policy prevents direct access window messaging apis are the solution

iframe messaging postmessage (HTML5) window.name url fragments flash catch em all: easyxdm

iframe messaging = another talk http://bit.ly/cross-domain-barrier

so let s talk about subdomains

subdomain tunnel less complicated property access is possible! document.domain host and iframe must both declare common document.domain, then they can access each other s props

www.example.com api.example.com

www.example.com

tunnel.html

downsides :( have to wait for tunnel to load extra requests, bandwidth is there a better way?

JSONPI json + padding + iframes (aka my awful attempt to coin something)

iframe POST

iframe POST create an iframe create a form set form s target=... attribute to point to iframe submit the form response loads in iframe body

iframe POST

JSONPI uses iframe POST like jsonp: pass a callback fn in response body, set common document.domain js running in iframe can execute callback fn in parent window

flashback: JSONP

vs. JSONPI

JSONPI response

questions?

thanks! @bentlegen we re looking for js engineers! disqus.com/jobs slides, sample code on github book available sometime in 2018

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback