Loading ...
Sorry, an error occurred while loading the content.

10Stinking badges

Expand Messages
  • Douglas Crockford
    May 20, 2007
    • 0 Attachment
      --- In caplet@yahoogroups.com, Norman Hardy <norm@...> wrote:
      >
      > I quote from the MashupOS paper from Microsoft that Doug referred us to:
      >
      > There is either no trust across principals through complete isolation
      > or full trust through incorporating third party code as libraries.
      >
      > Where can I learn about these libraries--who can add to them and who
      > can call them?
      > Is there an implication that the 'third party' is mutually trusted?

      There are lots of Ajax libraries out their. You can find some pointers
      to them at Ajaxian.com. The web developer selects scripts from the
      library and includes then using HTML script tags. These scripts have
      access to everything. The scripts generally do not have secrets of
      their own.

      Most libraries get copied to your server. Some libraries, such as Dojo
      and YUI, can be loaded from 3rd party servers.

      A recent fad on sites with user-generated pages (like MySpace) is
      inclusion of 3rd party JavaScript badges on web pages. These badges
      provide access to logging, galleries, and video. And the badges have
      access to everything.
    • Show all 2 messages in this topic