Third-Party JavaScriptSummary Third-Party JavaScript guides web developers through the complete development of a full-featured third-party JavaScript application. You'll learn dozens of techniques for developing widgets that collect data for analytics, provide helpful overlays and dialogs, or implement features like chat or commenting. The concepts and examples throughout this book represent the best practices for this emerging field, based on thousands of real-world dev hours and results from millions of users. About this Book There's an art to writing third-party JavaScript—embeddable scripts that can plug into any website. They must adapt easily to unknown host environments, coexist with other applications, and manage the tricky security vulnerabilities you get when code and asset files are served from remote web addresses. Get it right and you have unlimited options for distributing your apps. This unique book shows you how. Third-Party JavaScript guides you through the ins and outs of building full-featured third-party JavaScript applications. You'll learn techniques for developing widgets that collect data for analytics, provide helpful overlays and dialogs, or implement features like chat and commenting. The concepts and examples throughout the book represent the best practices for this emerging field, based on thousands of real-world dev hours and results from millions of users. Written for web developers who know JavaScript, this book requires no prior knowledge of third-party apps. What's Inside Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications. About the Authors Ben Vinegar is an engineer at Disqus, a third-party JavaScript commenting platform. Anton Kovalyov is a software engineer at Mozilla. They are third-party applications experts whose work has been distributed on millions of websites Table of Contents
|
Contents
Distributing and loading your application | |
Rendering HTML and | |
Communicating with the server | |
Crossdomain iframe messaging | |
Authentication and sessions | |
Security | |
Developing a thirdparty JavaScript | |
Performance | |
Debugging and testing | |
List of Figures | |
List of Listings | |
Other editions - View all
Common terms and phrases
application’s asynchronously attacker attribute avatar browser callback function Camera Stork widget camerastork.com chapter client-side configuration CORS cross-domain cross-site request forgery cross-site scripting CSS rules debugging Disqus document document.write domain easyXDM easyXDM.Rpc embedded endpoint event example executing Facebook Figure Firefox fragment identifier Google header hosted HTML5 iframe implementation initial inside Internet Explorer JavaScript code JavaScript files JavaScript library JavaScript object JavaScript SDK jQuery JSON JSONP Listing load look namespace origin parameters parent postMessage product ID product widget provider publisher publisher’s website query string quirks mode regression test render request response same-origin policy script element script file script include snippet server service API source code Stork.productWidget styles subdomain proxies target techniques there’s third-party application third-party cookies third-party JavaScript application third-party script tunnel file vulnerabilities we’ll web application widget.js window window.postMessage workarounds XmlHttpRequest XSRF you’re