1 / 8

Dojo Secure

Dojo.Secure is a secure framework for loading, validating, and providing a safe set of library functions, along with safe access to the DOM. It includes a loading registry with different loading mechanisms and uses ADsafe style language constraints. It provides a library API with no namespacing, making it suitable for a global-less environment. All functionality is available on the client side in JavaScript.

batesb
Download Presentation

Dojo Secure

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Dojo Secure • Kris Zyp

  2. Dojo Secure • Full framework for loading, validating, and providing a safe set of library functions and safe access to the DOM. • Provides loading registry with different loading mechanisms • Uses ADsafe style language constraints • Provides |this| within class constructors http://www.sitepen.com/blog/2008/08/01/secure-mashups-with-dojoxsecure/

  3. Dojo Secure • Provides access to the DOM (a facade), with the standard API, that is restricted • Provides a library API (with no namespacing, no need in a global-less environment) • All on the client side in JavaScript • Full framework: loading, validation, and DOM sandboxing

  4. ADsafe • Disables features in JavaScript that prevent containment/sandboxing • Global variables • [index], this, ==, != • Properties: • apply,call,callee,caller,constructor,eval, prototype,this,unwatch,valueOf,watch, and anything starting with _ • with, eval http://adsafe.org

  5. Dojo Secure differences from ADsafe • |this| is allowed in Class method bodies • Statically validated • Dynamically bound methods • Names ending with __ • Due to VBScript usage

  6. Demo/Test Page • Easy to test validation • Load pages and scripts http://www.sitepen.com/labs/code/secure/dojox/secure/tests/load.html

  7. Dojo Secure

More Related