Programming Social Applications by Jonathan LeBlanc

Securing Applications

Many methods are accepted as appropriate solutions for securing third-party application code within a container host. Two of these, Caja and ADSafe, accomplish this task in distinctly different ways.

Caja is a JavaScript compiler that rewrites any frontend code that is to be loaded into the container. During this rewrite, insecure functionality is stripped out and all remaining code is rewritten as “Caja-safe” code. In a Caja-defined container, the underlying application has only indirect access to the DOM of the parent container page, which allows the container to secure any requests as needed.

ADSafe does not rewrite the application code, but rather works by stripping out any JavaScript functionality that is deemed to be insecure. This approach is not as painful to work with as Caja’s complete rewriter, but it also doesn’t provide security as extensive as Caja’s.

We will discuss both of these topics in more depth in Chapter 8.
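
The indirect DOM access described for Caja above can be pictured as a mediating facade between guest code and the container page. The following is an added, simplified illustration, not Caja's API or output and not code from the book; `makeNode`, `tame`, `runGuest` and the attribute policy are hypothetical names and assumptions made for this example.

```javascript
// Constructed stand-in for the container page's DOM (plain objects, no browser needed).
function makeNode(tag, children = []) {
  const node = { tag, attrs: {}, text: "", parent: null, children };
  children.forEach((c) => { c.parent = node; });
  return node;
}

// Container policy assumed for this example: no event-handler or style
// attributes, and URL-bearing attributes must be http(s).
function attributeAllowed(name, value) {
  if (name.startsWith("on") || name === "style") return false;
  if (name === "href" || name === "src") return /^https?:\/\//i.test(value);
  return true;
}

// Hypothetical helper: wrap a real node in a frozen facade. The guest never
// holds the node itself, and the facade offers no path up to the parent page.
function tame(node, blocked) {
  return Object.freeze({
    tagName: () => node.tag,
    getText: () => node.text,
    setText: (s) => { node.text = String(s); }, // text only, never markup
    setAttribute: (rawName, rawValue) => {
      const name = String(rawName).toLowerCase();
      const value = String(rawValue).trim();
      if (!attributeAllowed(name, value)) { blocked.push(name); return false; }
      node.attrs[name] = value;
      return true;
    },
    child: (i) =>
      (Number.isInteger(i) && node.children[i] ? tame(node.children[i], blocked) : null),
  });
}

// Run guest code with a facade for its own subtree only; return what was refused.
function runGuest(guestFn, guestRoot) {
  const blocked = [];
  guestFn(tame(guestRoot, blocked));
  return blocked;
}

// Constructed sample page: <body><div (guest slot)><a></a></div></body>
const slot = makeNode("div", [makeNode("a")]);
const page = makeNode("body", [slot]);
const refused = runGuest((root) => {
  root.setText("hello from the guest");
  root.child(0).setAttribute("href", "https://example.com/");
  root.child(0).setAttribute("onclick", "track()");
}, slot);
console.log(refused, slot.children[0].attrs);
```

A facade alone is not enough in a real browser, because guest code could still name `document` or `window` directly; closing that gap is the job of the rewriting step the text describes.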
