Google Announces Release of “Browser Security Handbook”

At Technofriends, I have written multiple posts on Security and Hacking. Continuing in that vein, in this post I will introduce you to the Browser Security Handbook recently released by Google.

Web application security begins with code and extends across networks, web and application servers, routers, gateways and browsers. A thorough understanding of browser-specific behaviour is also important when considering security designs for Web 2.0 applications.

Browser Security is an important concept and must not be ignored at any cost.

To make life somewhat easier for developers and others involved in web security design, Google says:

In hopes of helping to make the Web a safer place, we decided to release our Browser Security Handbook to the general public. This 60-page document provides a comprehensive comparison of a broad set of security features and characteristics in commonly used browsers, along with (hopefully) useful commentary and implementation tips for application developers who need to rely on these mechanisms, as well as engineering teams working on future browser-side security enhancements.

This Browser Security Handbook is meant to provide web application developers, browser engineers, and information security researchers with a one-stop reference to key security properties of contemporary web browsers. Insufficient understanding of these often poorly-documented characteristics is a major contributing factor to the prevalence of several classes of security vulnerabilities.

Although all browsers implement roughly the same set of baseline features, there is relatively little standardization – or conformance to standards – when it comes to many of the less apparent implementation details. Furthermore, vendors routinely introduce proprietary tweaks or improvements that may interfere with existing features in non-obvious ways, and seldom provide a detailed discussion of potential problems.

The Browser Security Handbook is an interesting read. It covers the basic concepts of a web browser and standard browser security features such as the same-origin policy, third-party cookie rules and content handling mechanisms. It also covers experimental and legacy security features.

You can run a browser security test through ScanIt to check your browser for various bugs.

JCrop gives you Powerful image cropping feature using JQuery

If you are looking for image cropping functionality in your web application, consider Jcrop. Jcrop is the quick and easy way to add image cropping functionality to your web application. It combines the ease-of-use of a typical jQuery plugin with a powerful cross-platform DHTML cropping engine that is faithful to familiar desktop graphics applications. Best of all, Jcrop also features clean, well-organized code that works well across most modern web browsers.

JCrop Feature Overview

  • Attaches unobtrusively to any image
  • Supports aspect ratio locking
  • Supports minSize/maxSize setting
  • Callbacks for selection done, or while moving
  • Keyboard support for nudging selection
  • API features to create interactivity, including animation
  • Support for CSS styling

Cross-platform Compatibility

  • Firefox 3
  • Safari 3
  • Opera 9.5
  • Google Chrome 0.2.x
  • Internet Explorer 6+

Download JCrop from here.

How Do I Get Started with JQuery?

It's simple. All you need to do is download jQuery from here. Place the relevant libraries on your web server so that you can request them from your application. Also, importantly, ensure that jQuery is installed and included.

In the page <head> you’ll need to load the requisite files. That includes:

  • jQuery library
  • Jcrop Javascript
  • Jcrop CSS stylesheet

It should look something like this:

<script src="js/jquery.pack.js"></script>
<script src="js/jquery.Jcrop.pack.js"></script>
<link rel="stylesheet" href="css/jquery.Jcrop.css" type="text/css" />

Please note: These are only example paths, you probably will need to adjust them when you actually use them, to match the location of the files on your server. Jcrop will not function properly if you don’t.

Invocation

Let’s suppose we have this image in our markup:

<img src="flowers.jpg" id="cropbox" />

To convert this into a Jcrop widget, insert the following script:

<script language="Javascript">
    jQuery(function() {
        jQuery('#cropbox').Jcrop();
    });
</script>

Jcrop’s default behavior is activated. Since there are no event handlers attached, it won’t do anything cool, but you can see how easy it is to implement Jcrop into your page.
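The following is an added example, not part of the original post or of Jcrop's own code. It attaches an onSelect handler together with the aspect ratio and minSize/maxSize settings from the feature list, and re-checks the selection with a hypothetical `validateCrop` helper, because those limits are only enforced by the widget in the browser and the same check should be repeated wherever the coordinates are finally used. The limit values and the 800x600 image size are assumptions.

```javascript
// Added example: limits shared by the Jcrop widget and the re-check.
// The values here are assumptions chosen for illustration.
var LIMITS = { aspectRatio: 1, minSize: [50, 50], maxSize: [400, 400] };

// Hypothetical helper: re-validate a selection object {x, y, w, h} of the
// kind Jcrop passes to its callbacks. Returns a clean integer rectangle
// or throws if the selection breaks any limit.
function validateCrop(c, imgW, imgH, limits) {
    var rect = {};
    ['x', 'y', 'w', 'h'].forEach(function (k) {
        var n = Number(c[k]);
        if (!isFinite(n)) throw new Error('crop.' + k + ' is not a number');
        rect[k] = Math.round(n);
    });
    if (rect.x < 0 || rect.y < 0 || rect.w <= 0 || rect.h <= 0)
        throw new Error('negative or empty selection');
    if (rect.x + rect.w > imgW || rect.y + rect.h > imgH)
        throw new Error('selection outside image');
    if (rect.w < limits.minSize[0] || rect.h < limits.minSize[1])
        throw new Error('selection below minSize');
    if (rect.w > limits.maxSize[0] || rect.h > limits.maxSize[1])
        throw new Error('selection above maxSize');
    // Allow 1px of rounding slack on the locked aspect ratio.
    if (limits.aspectRatio &&
        Math.abs(rect.w - rect.h * limits.aspectRatio) > 1)
        throw new Error('aspect ratio mismatch');
    return rect;
}

// Browser side: attach Jcrop with the same limits and an onSelect handler.
if (typeof jQuery !== 'undefined') {
    jQuery(function () {
        jQuery('#cropbox').Jcrop({
            aspectRatio: LIMITS.aspectRatio,
            minSize: LIMITS.minSize,
            maxSize: LIMITS.maxSize,
            onSelect: function (c) {
                // Constructed image size 800x600; a real page would use
                // the image's actual dimensions.
                console.log(validateCrop(c, 800, 600, LIMITS));
            }
        });
    });
}
```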

You can follow me on Twitter at http://twitter.com/vaibhav1981

Do stay tuned to Technofriends for more. One of the best ways of doing so is by subscribing to our feeds. You can subscribe to the Technofriends feed by clicking here.