Signing Javascript

David Makalsky dmakalsky at gmail.com
Sun Nov 30 03:38:44 UTC 2008


Hi Colin,

As I said earlier, I found a better solution so I don't have to worry
about signing the code.

As for cleaning up the javascript, I think those are great ideas.  I
will go ahead and make those changes this week.

Regards,

David

On Fri, Nov 28, 2008 at 4:28 PM, Colin Clark <colin.clark at utoronto.ca> wrote:
> Hi David,
>
> On 28-Nov-08, at 12:45 PM, David Makalsky wrote:
>
>> Do we have a fluid standard for signing javascript?  Does anyone have
>> any experience signing javascript?
>
>
> It's a pretty unusual case to have to deal with signed scripts. In general,
> JavaScript is untrusted code running within the browser sandbox. Fluid
> components have to work within this environment and not impose and
> additional hurdles for the user, so it's never been an issue.
>
> When it comes to working with signed applets across LiveConnect, I've really
> never encountered this issue in the wild, but a few interesting tidbits
> popped up using The Google:
>
> http://jontayler.blogspot.com/2006/08/java-signed-applet-security-insanity.html
>
> If you really want to try signing your JavaScript, I found this old article
> about signing scripts in Firefox. It looks like you'll have to distribute
> your JS code in a JAR file, which is a pretty odd deployment profile for
> JavaScript code. Be sure to test extensively across browsers. Hopefully this
> will help:
>
> http://www.mozilla.org/projects/security/components/signed-scripts.html
>
> As for general feedback about JavaScript development, I'd suggest you move
> your JavaScript code out of onclick handlers in the HTML and into your
> rascal.js file, binding event handlers unobtrusively. A toolkit like jQuery
> will simplify this for you a lot. I'd also suggest you keep the functions in
> rascal.js out of the global namespace to avoid collisions. All easy fixes,
> and there's tons of documentation in the Fluid wiki to help you with it:
>
> http://wiki.fluidproject.org/display/fluid/DHTML+Developer+Checklist
> http://wiki.fluidproject.org/display/fluid/Fearless+JavaScript+Workshop
>
> Colin
>
> ---
> Colin Clark
> Technical Lead, Fluid Project
> Adaptive Technology Resource Centre, University of Toronto
> http://fluidproject.org
>
>



-- 
David Makalsky



More information about the fluid-work mailing list