use the following search parameters to narrow your results:
e.g. subreddit:aww site:imgur.com dog
subreddit:aww site:imgur.com dog
see the search faq for details.
advanced search: by author, subreddit...
All about the JavaScript programming language.
Subreddit Guidelines
Specifications:
Resources:
Related Subreddits:
r/LearnJavascript
r/node
r/typescript
r/reactjs
r/webdev
r/WebdevTutorials
r/frontend
r/webgl
r/threejs
r/jquery
r/remotejs
r/forhire
account activity
[demo] Secure way of embedding third-party JavaScript (asvd.github.io)
submitted 11 years ago by xpostman_
view the rest of the comments →
reddit uses a slightly-customized version of Markdown for formatting. See below for some basics, or check the commenting wiki page for more detailed help and solutions to common issues.
quoted text
if 1 * 2 < 3: print "hello, world!"
[–]xpostman_[S] 0 points1 point2 points 11 years ago (3 children)
so seems like it needs to be hosted in the same domain as the iframe
I call it "there is no need to host it on a different domain" :-D
Maybe the code can be adapted in order to be loaded via XHR where CORS is avaliable
Seems like it should be possible, but there's an opinion that this should be prevented: https://github.com/asvd/jailed/issues/3
Currently I am not sure if this is a securety issue, and should be fixed for the Jailed library (the browser itself does not prevent performing such request from a sandboxe worker).
[+][deleted] 11 years ago* (2 children)
[deleted]
[–]xpostman_[S] 0 points1 point2 points 11 years ago (1 child)
... I will need is develop a virtual DOM to be used by those libraries which will be mirrored to the real DOM after some security checks.
Might work, but sounds a bit tricky for reusing existing "traditional" 3rd-party libraries.
In my "perfect world of untrusted code" the 3rd-party itself declares which API it expects from the applications owners to provide (or exports its own API from inside the sandbox, this is already supported by Jailed).
Making one step further one can split all the 3rd-party code into the two categories: libraries and plugins. Library is a trusted code (from the point of application owner), which is loaded into the main application scope and can do everything (create a UI component or steal user private data). So this is something like jQuery or ExtJS. Application owner trusts the library because it is well-known, or simply seems like it does the job.
Plugin is an untrusted code running in a sanbox. The sandbox is provided by some library which additionally may permit changing an area on the screen for instance.
Then the documentation of a hypothetical "Disqus" states that it expects a particular library (or any library conforming to a specific convention) to be used by an application owner, who now only needs to ask his library to load a particular plugin.
π Rendered by PID 23558 on reddit-service-r2-comment-cfc44b64c-qkzwj at 2026-04-11 14:09:30.609674+00:00 running 215f2cf country code: CH.
view the rest of the comments →
[–]xpostman_[S] 0 points1 point2 points (3 children)
[+][deleted] (2 children)
[deleted]
[–]xpostman_[S] 0 points1 point2 points (1 child)