Throughout this chapter, we have explored a few of the options currently available for securing social applications and third-party code within a container. We’ve looked at the implications of using iframes as a security model and have delved into the iframe alternatives Caja and ADsafe.
Even if you do not implement these particular standards, working with them and understanding why a lot of code is filtered or disallowed within them has hopefully given you a better grasp of the security implications of allowing unmanaged, third-party code to exist on your site or service.
Preparing yourself for the eventuality of attacks from malicious developers, or of flaws introduced by sloppy development practices, will help you provide a safe experience for your end users. While these practices may require additional development work, they will help you achieve the ultimate goal: protecting those who use the services that you are hosting.