Hi David, On 28-Nov-08, at 12:45 PM, David Makalsky wrote:
> Do we have a fluid standard for signing javascript? Does anyone have > any experience signing javascript? It's a pretty unusual case to have to deal with signed scripts. In general, JavaScript is untrusted code running within the browser sandbox. Fluid components have to work within this environment and not impose and additional hurdles for the user, so it's never been an issue. When it comes to working with signed applets across LiveConnect, I've really never encountered this issue in the wild, but a few interesting tidbits popped up using The Google: http://jontayler.blogspot.com/2006/08/java-signed-applet-security-insanity.html If you really want to try signing your JavaScript, I found this old article about signing scripts in Firefox. It looks like you'll have to distribute your JS code in a JAR file, which is a pretty odd deployment profile for JavaScript code. Be sure to test extensively across browsers. Hopefully this will help: http://www.mozilla.org/projects/security/components/signed-scripts.html As for general feedback about JavaScript development, I'd suggest you move your JavaScript code out of onclick handlers in the HTML and into your rascal.js file, binding event handlers unobtrusively. A toolkit like jQuery will simplify this for you a lot. I'd also suggest you keep the functions in rascal.js out of the global namespace to avoid collisions. All easy fixes, and there's tons of documentation in the Fluid wiki to help you with it: http://wiki.fluidproject.org/display/fluid/DHTML+Developer+Checklist http://wiki.fluidproject.org/display/fluid/Fearless+JavaScript+Workshop Colin --- Colin Clark Technical Lead, Fluid Project Adaptive Technology Resource Centre, University of Toronto http://fluidproject.org _______________________________________________________ fluid-work mailing list - [email protected] To unsubscribe, change settings or access archives, see http://fluidproject.org/mailman/listinfo/fluid-work
