Saturday, May 31, 2008

favicon

A favicon is a small image that is generally used to reflect the identity of a web site. You can find it in the address bar, in your browser's tabs, in the list of bookmarks or in some feed readers like Bloglines. (src)

Tuesday, May 27, 2008

SOP - Same origin policy

The philosophy of the same origin policy is simple: the browser should not trust content loaded from arbitrary websites. Web pages run within the sandbox and are prevented from accessing resources from other origins. Without this protection, a malicious web page could compromise the confidentiality or integrity of another web page.

The term "origin" is defined using the domain name, protocol and port. Two pages belong to the same origin if and only if these three values are the same.

Douglas Crockford: Durable Objects

Fortunately, JavaScript provides the means to construct durable objects that can perfectly guard their state by using a variation of the Module Pattern.
...
By adding one simple rule, we can easily generate secure objects:
A durable object contains no visible data members, and its methods use neither this nor that.

This is a template for a durable constructor:

function durable(parameters) {
    var that = {};  // or the product of another durable constructor

    // declare private variables here with var

    function method() {
        // body uses neither this nor that
    }

    that.method = method;
    return that;
}

Define all of your methods as private methods. The methods you choose to expose to the public get copied into that. None of the functions defined or inherited make use of that or this.
...
Durable objects allow code from multiple (possibly untrusted) parties to
cooperate. Durable objects can be expressed in a safe subset of JavaScript,
such as ADsafe or Cajita.
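
The template above filled in, as an added example that is not Crockford's code: a conventional object with a visible `balance` member beside a durable one, both handed to code from another party. The names `OpenPurse`, `durablePurse`, `guestCode` and `demo` are hypothetical and the scenario is constructed for illustration.

```javascript
// Conventional object: state lives in a visible member and methods rely on `this`.
function OpenPurse(initial) {
    this.balance = initial;
}
OpenPurse.prototype.withdraw = function (amount) {
    if (amount > this.balance) { throw new Error('insufficient funds'); }
    this.balance -= amount;
    return amount;
};

// Durable constructor following the template: state is held in the closure,
// and the methods are private functions that use neither `this` nor `that`.
function durablePurse(initial) {
    var that = {};
    var balance = initial;          // private variable, unreachable from outside

    function getBalance() { return balance; }

    function withdraw(amount) {
        if (typeof amount !== 'number' || !(amount > 0) || amount > balance) {
            throw new Error('invalid withdrawal');
        }
        balance -= amount;
        return amount;
    }

    that.getBalance = getBalance;
    that.withdraw = withdraw;
    return that;
}

// Constructed scenario: code from another party receives both objects.
function guestCode(open, durable) {
    open.balance = 1000000;         // direct write to the visible state
    durable.balance = 1000000;      // only creates an unrelated property
    var forged = { balance: 1000000 };
    var viaForgedThis = durable.getBalance.call(forged); // forged `this` is ignored
    var detached = durable.withdraw;                     // works without a receiver
    return { viaForgedThis: viaForgedThis, withdrawn: detached(30) };
}

function demo() {
    var open = new OpenPurse(100);
    var durable = durablePurse(100);
    var seen = guestCode(open, durable);
    return { open: open.balance, durable: durable.getBalance(), seen: seen };
}
```

In plain JavaScript the guest can still replace `durable.withdraw` on the shared object, because the template guards the state and not the method table. Calling `Object.freeze(that)` before returning closes that gap; it is an addition to the quoted template.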