SlideShare a Scribd company logo

A Re-Introduction to Third-Party Scripting

B
benvinegar

This document summarizes Ben's presentation on third-party scripts. It discusses how third-party scripts can be loaded asynchronously to avoid blocking page rendering. It also covers challenges like namespace collisions and cross-domain requests, and solutions like jQuery.noConflict(), sandboxing, CORS, JSONP, postMessage, and iframe tunnels. Debugging remote third-party scripts is challenging but tools like browser developer tools can help.

Technology
1 of 58
Downloaded 43 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
a re-introduction to third-party scripting techtalksTO Sunday, September 18, 2011
who invited this guy? • name’s ben • former torontonian • working at disqus in san francisco Sunday, September 18, 2011
DISQUS • dis·cuss • dĭ-skŭs' • third-party commenting platform • customers: CNN, MLB, IGN, and other exciting acronyms • 500 million visitors/month Sunday, September 18, 2011
third-party scripts Sunday, September 18, 2011
third-party scripts • js written by someone else • executing on your website • loaded from a remote server Sunday, September 18, 2011
third-party scripts Sunday, September 18, 2011
simple concept, powerful results Sunday, September 18, 2011
ad scripts Google AdSense (http://adsense.com) Sunday, September 18, 2011
analytics CrazyEgg (http://crazyegg.com) Sunday, September 18, 2011
embedded widgets Disqus (http://disqus.com) Sunday, September 18, 2011
widgets cont’d Guestlist (http://guestlistapp.com) Sunday, September 18, 2011
browser plugins Rapportive (http://rapportive.com) Sunday, September 18, 2011
js apis/sdks LinkedIn (http://developer.linkedin.com/javascript) Sunday, September 18, 2011
writing them != easy • operate in unknown, uncontrolled environment • shared DOM, globals • browser limitations • debugging remote sites is hard Sunday, September 18, 2011
the good news Sunday, September 18, 2011
it’s getting better • new browser features • newly discovered techniques (hacks) • powerful new open source libraries • published literature? Sunday, September 18, 2011
let’s take the tour Sunday, September 18, 2011
script loading Sunday, September 18, 2011
blocking includes • standard script includes block rendering • giving us a bad rep! • culprit: document.write Sunday, September 18, 2011
document.write Sunday, September 18, 2011
example: github gists Sunday, September 18, 2011
embedded gists Sunday, September 18, 2011
HTML5’s async attr Sunday, September 18, 2011
async-friendly insert Sunday, September 18, 2011
async browser support • Firefox 3.6+ • Chrome 7+ • Safari 5.0 • IE 10 (!) • Notably absent: Opera Sunday, September 18, 2011
dynamic script creation Sunday, September 18, 2011
first impressions count • hard to get website owners to update their script includes • people are still using blocking disqus include (deprecated mid-2009) • who still uses blocking GA include? Sunday, September 18, 2011
shared environment Sunday, September 18, 2011
global collisions • unknown scripts executing on same page • may introduce conflicting variables • DOM queries may inadvertently select your elements (or vice versa) Sunday, September 18, 2011
namespace your js! Sunday, September 18, 2011
bonus points: html • id=”dsq-comment-8” • class=”dsq-comment” • data-dsq-username=”jimbob” • Bad: class=”dsq-comment active” Sunday, September 18, 2011
js libs • you should use ‘em • what if they already exist on the page? Sunday, September 18, 2011
$.noConflict • utility method for assigning jQuery global ($) to a variable • great for namespacing • becoming a standard pattern Sunday, September 18, 2011
libs w/ noConflict • LABjs • Underscore.js • Backbone.js • Ender.js and its assoc. microlibs • easyXDM Sunday, September 18, 2011
destructive libs Sunday, September 18, 2011
sandboxing • run your code inside a src-less iframe • clean js environment • no global state leak Sunday, September 18, 2011
twitter @anywhere • twitter widget library • supports multiple lib versions/ instances per page • each version is sandboxed in a separate iframe Sunday, September 18, 2011
twitter @anywhere iframe A iframe B Sunday, September 18, 2011
hiro.js • QUnit-like js testing library • each test suite runs in a new iframe • optional: seed iframe environment Hiro (http://github.com/antonkovalyov/hiro) Sunday, September 18, 2011
ajax Sunday, September 18, 2011
cross-domain ajax • can’t initiate XmlHttpRequest from foo.com to bar.com • same-origin policy (host, port, protocol) • subdomains a ected too Sunday, September 18, 2011
w/o same-origin pol. • What if I hosted a page with the following ... Sunday, September 18, 2011
CORS • Cross-Origin Resource Sharing • special http headers that permit XD access to resources • W3C working draft • Firefox 3.5+, Chrome 3+, Safari 4+, IE8+ Sunday, September 18, 2011
CORS headers Cors Example (http://saltybeagle.com/cors) Sunday, September 18, 2011
JSONP • load JSON using <script> elements • script element bypasses same-origin policy • built-in helpers in most js frameworks Sunday, September 18, 2011
JSONP example Sunday, September 18, 2011
JSONP example Sunday, September 18, 2011
JSONP cont’d • only supports GET requests • script loading can’t detect 400, 500 errors (rely on timeouts) • caching complications when generating new response each time Sunday, September 18, 2011
postMessage • HTML5 API for cross-window communication • works with iframes, new windows • Firefox 3+, Safari 4+, Chrome (all), IE8+ Sunday, September 18, 2011
postMessage foo.com bar.com Sunday, September 18, 2011
iframe tunnels foo.com postMessage bar.com/ xhr tunnel.html bar.com/api Sunday, September 18, 2011
easyXDM • postMessage-like API for window objs • uses Flash, obscure transport protocols when postMessage is n/a • wider browser support • Disqus, Twitter, Scribd, LinkedIn ... easyXDM (http://easyxdm.net) Sunday, September 18, 2011
debugging Sunday, September 18, 2011
how do you debug this mess? Sunday, September 18, 2011
switches • serve unminified js for specific sites, users* Sunday, September 18, 2011
proxies • send all http tra c to a proxy server • rewrite production urls • from widget.com to ... • localhost • staging.widget.com • newfeature.staging.widget.com Sunday, September 18, 2011
wrapping up Sunday, September 18, 2011
thanks • @bentlegen • disqus is hiring js/python/django in san francisco • (canadians welcome) • book coming early 2018 Sunday, September 18, 2011

More Related Content

KEY
Modern iframe programming
benvinegar
 
PDF
Re-Introduction to Third-party Scripting
benvinegar
 
KEY
Txjs
Brian LeRoux
 
KEY
Modernizr, Yepnope, and Polyfills
Alex Sexton
 
KEY
Palm Developer Day PhoneGap
Brian LeRoux
 
PDF
How to start developing apps for Firefox OS
benko
 
PDF
Ruby is dying. What languages are cool now?
Michał Konarski
 
KEY
Rails development environment talk
Reuven Lerner
 
Modern iframe programming
benvinegar
 
Re-Introduction to Third-party Scripting
benvinegar
 
Txjs
Brian LeRoux
 
Modernizr, Yepnope, and Polyfills
Alex Sexton
 
Palm Developer Day PhoneGap
Brian LeRoux
 
How to start developing apps for Firefox OS
benko
 
Ruby is dying. What languages are cool now?
Michał Konarski
 
Rails development environment talk
Reuven Lerner
 

What's hot (20)

PDF
Selenium bootcamp slides
seleniumbootcamp
 
PDF
PLAT-7 Spring Web Scripts and Spring Surf
Alfresco Software
 
PDF
The Same-Origin Saga
Brendan Eich
 
PDF
Why Plone Will Die
Andreas Jung
 
PDF
Finding Restfulness - Madrid.rb April 2014
samlown
 
PDF
Code for Startup MVP (Ruby on Rails) Session 1
Henry S
 
PDF
Ruby Kansai #35 About RubyKaigi2009 ujihisa
ujihisa
 
KEY
Introduction to WebSockets
Steve Agalloco
 
KEY
ARTDM 171, Week 2: A Brief History + Web Basics
Gilbert Guerrero
 
PPTX
Python assignment help
www.myassignmenthelp.net
 
PDF
Node.js Patterns and Opinions
IsaacSchlueter
 
PDF
CSS 201
Jennifer Berk
 
PPTX
Confessions of a java developer that fell in love with the groovy language
Victor Trakhtenberg
 
PDF
Web technologies for desktop development @ berlinjs apps
Darko Kukovec
 
PPT
Node and Azure
Jason Gerard
 
PDF
Lo4
liankei
 
PDF
Ruby tutorial
Ánh Nguyễn
 
PPTX
Using Javascript in today's world
Sudar Muthu
 
PDF
The ideal module system and the harsh reality
Adam Warski
 
PDF
Tomboy Web Sync Explained
Mohan Krishnan
 
Selenium bootcamp slides
seleniumbootcamp
 
PLAT-7 Spring Web Scripts and Spring Surf
Alfresco Software
 
The Same-Origin Saga
Brendan Eich
 
Why Plone Will Die
Andreas Jung
 
Finding Restfulness - Madrid.rb April 2014
samlown
 
Code for Startup MVP (Ruby on Rails) Session 1
Henry S
 
Ruby Kansai #35 About RubyKaigi2009 ujihisa
ujihisa
 
Introduction to WebSockets
Steve Agalloco
 
ARTDM 171, Week 2: A Brief History + Web Basics
Gilbert Guerrero
 
Python assignment help
www.myassignmenthelp.net
 
Node.js Patterns and Opinions
IsaacSchlueter
 
CSS 201
Jennifer Berk
 
Confessions of a java developer that fell in love with the groovy language
Victor Trakhtenberg
 
Web technologies for desktop development @ berlinjs apps
Darko Kukovec
 
Node and Azure
Jason Gerard
 
Lo4
liankei
 
Ruby tutorial
Ánh Nguyễn
 
Using Javascript in today's world
Sudar Muthu
 
The ideal module system and the harsh reality
Adam Warski
 
Tomboy Web Sync Explained
Mohan Krishnan
 
Ad

Similar to A Re-Introduction to Third-Party Scripting (20)

PDF
2011 june-kuala-lumpur-gtug-hackathon
ikailan
 
PDF
Capitol js
Brendan Eich
 
PDF
Symfony2: Get your project started
Ryan Weaver
 
PPTX
AFNetworking
joaopmaia
 
PDF
Pocket Knife JS
Diogo Antunes
 
PDF
Intro to HTML5 Game Programming
James Williams
 
PDF
Iwmn architecture
Lenz Gschwendtner
 
PDF
Modularizing your Grails Application with Private Plugins - SpringOne 2GX 2012
kennethaliu
 
PDF
HTML5, are we there yet?
Ovidiu Dimulescu
 
PDF
Sean coates fifty things and tricks, confoo 2011
Bachkoutou Toutou
 
PDF
eZ Publish nextgen
Jérôme Vieilledent
 
PDF
Front end for back end developers
Wojciech Bednarski
 
PDF
Apcug 2011 07-17-intro_to_drupal_jeff_schuler
hewie
 
PDF
Intridea & open source
Daniel Lv
 
PDF
HTML5 and Sencha Touch
Patrick Sheridan
 
KEY
DjangoSki
Brian LeRoux
 
PDF
Toolset of Beansmile
leondu
 
PDF
Web API's World
Michele Zonca
 
PDF
Creating a Global E-Commerce Website With E-Business Suite and Fusion Middleware
Brian Huff
 
PDF
WordPress Gallery Themes & Plugins
Noel Saw
 
2011 june-kuala-lumpur-gtug-hackathon
ikailan
 
Capitol js
Brendan Eich
 
Symfony2: Get your project started
Ryan Weaver
 
AFNetworking
joaopmaia
 
Pocket Knife JS
Diogo Antunes
 
Intro to HTML5 Game Programming
James Williams
 
Iwmn architecture
Lenz Gschwendtner
 
Modularizing your Grails Application with Private Plugins - SpringOne 2GX 2012
kennethaliu
 
HTML5, are we there yet?
Ovidiu Dimulescu
 
Sean coates fifty things and tricks, confoo 2011
Bachkoutou Toutou
 
eZ Publish nextgen
Jérôme Vieilledent
 
Front end for back end developers
Wojciech Bednarski
 
Apcug 2011 07-17-intro_to_drupal_jeff_schuler
hewie
 
Intridea & open source
Daniel Lv
 
HTML5 and Sencha Touch
Patrick Sheridan
 
DjangoSki
Brian LeRoux
 
Toolset of Beansmile
leondu
 
Web API's World
Michele Zonca
 
Creating a Global E-Commerce Website With E-Business Suite and Fusion Middleware
Brian Huff
 
WordPress Gallery Themes & Plugins
Noel Saw
 
Ad

Recently uploaded (20)

PDF
The Future of Artificial Intelligence (AI)
Mukul
 
PPTX
Agile Chennai 18-19 July 2025 Ideathon | AI Powered Microfinance Literacy Gui...
AgileNetwork
 
PDF
Google I/O Extended 2025 Baku - all ppts
HusseinMalikMammadli
 
PPTX
Agile Chennai 18-19 July 2025 | Emerging patterns in Agentic AI by Bharani Su...
AgileNetwork
 
PPTX
AI in Daily Life: How Artificial Intelligence Helps Us Every Day
vanshrpatil7
 
PDF
Security features in Dell, HP, and Lenovo PC systems: A research-based compar...
Principled Technologies
 
PDF
How Open Source Changed My Career by abdelrahman ismail
a0m0rajab1
 
PDF
Economic Impact of Data Centres to the Malaysian Economy
flintglobalapac
 
PDF
GDG Cloud Munich - Intro - Luiz Carneiro - #BuildWithAI - July - Abdel.pdf
Luiz Carneiro
 
PDF
NewMind AI Weekly Chronicles - July'25 - Week IV
NewMind AI
 
PDF
Doc9.....................................
SofiaCollazos
 
PDF
A Strategic Analysis of the MVNO Wave in Emerging Markets.pdf
IPLOOK Networks
 
PPTX
OA presentation.pptx OA presentation.pptx
pateldhruv002338
 
PDF
Responsible AI and AI Ethics - By Sylvester Ebhonu
Sylvester Ebhonu
 
PDF
AI-Cloud-Business-Management-Platforms-The-Key-to-Efficiency-Growth.pdf
Artjoker Software Development Company
 
PPTX
Introduction to Flutter by Ayush Desai.pptx
ayushdesai204
 
PDF
Brief History of Internet - Early Days of Internet
sutharharshit158
 
PDF
Software Development Methodologies in 2025
KodekX
 
PDF
AI Unleashed - Shaping the Future -Starting Today - AIOUG Yatra 2025 - For Co...
Sandesh Rao
 
PDF
SparkLabs Primer on Artificial Intelligence 2025
SparkLabs Group
 
The Future of Artificial Intelligence (AI)
Mukul
 
Agile Chennai 18-19 July 2025 Ideathon | AI Powered Microfinance Literacy Gui...
AgileNetwork
 
Google I/O Extended 2025 Baku - all ppts
HusseinMalikMammadli
 
Agile Chennai 18-19 July 2025 | Emerging patterns in Agentic AI by Bharani Su...
AgileNetwork
 
AI in Daily Life: How Artificial Intelligence Helps Us Every Day
vanshrpatil7
 
Security features in Dell, HP, and Lenovo PC systems: A research-based compar...
Principled Technologies
 
How Open Source Changed My Career by abdelrahman ismail
a0m0rajab1
 
Economic Impact of Data Centres to the Malaysian Economy
flintglobalapac
 
GDG Cloud Munich - Intro - Luiz Carneiro - #BuildWithAI - July - Abdel.pdf
Luiz Carneiro
 
NewMind AI Weekly Chronicles - July'25 - Week IV
NewMind AI
 
Doc9.....................................
SofiaCollazos
 
A Strategic Analysis of the MVNO Wave in Emerging Markets.pdf
IPLOOK Networks
 
OA presentation.pptx OA presentation.pptx
pateldhruv002338
 
Responsible AI and AI Ethics - By Sylvester Ebhonu
Sylvester Ebhonu
 
AI-Cloud-Business-Management-Platforms-The-Key-to-Efficiency-Growth.pdf
Artjoker Software Development Company
 
Introduction to Flutter by Ayush Desai.pptx
ayushdesai204
 
Brief History of Internet - Early Days of Internet
sutharharshit158
 
Software Development Methodologies in 2025
KodekX
 
AI Unleashed - Shaping the Future -Starting Today - AIOUG Yatra 2025 - For Co...
Sandesh Rao
 
SparkLabs Primer on Artificial Intelligence 2025
SparkLabs Group
 

A Re-Introduction to Third-Party Scripting

  • 1. a re-introduction to third-party scripting techtalksTO Sunday, September 18, 2011
  • 2. who invited this guy? • name’s ben • former torontonian • working at disqus in san francisco Sunday, September 18, 2011
  • 3. DISQUS • dis·cuss • dĭ-skŭs' • third-party commenting platform • customers: CNN, MLB, IGN, and other exciting acronyms • 500 million visitors/month Sunday, September 18, 2011
  • 5. third-party scripts • js written by someone else • executing on your website • loaded from a remote server Sunday, September 18, 2011
  • 7. simple concept, powerful results Sunday, September 18, 2011
  • 8. ad scripts Google AdSense (http://adsense.com) Sunday, September 18, 2011
  • 9. analytics CrazyEgg (http://crazyegg.com) Sunday, September 18, 2011
  • 10. embedded widgets Disqus (http://disqus.com) Sunday, September 18, 2011
  • 11. widgets cont’d Guestlist (http://guestlistapp.com) Sunday, September 18, 2011
  • 12. browser plugins Rapportive (http://rapportive.com) Sunday, September 18, 2011
  • 13. js apis/sdks LinkedIn (http://developer.linkedin.com/javascript) Sunday, September 18, 2011
  • 14. writing them != easy • operate in unknown, uncontrolled environment • shared DOM, globals • browser limitations • debugging remote sites is hard Sunday, September 18, 2011
  • 15. the good news Sunday, September 18, 2011
  • 16. it’s getting better • new browser features • newly discovered techniques (hacks) • powerful new open source libraries • published literature? Sunday, September 18, 2011
  • 17. let’s take the tour Sunday, September 18, 2011
  • 19. blocking includes • standard script includes block rendering • giving us a bad rep! • culprit: document.write Sunday, September 18, 2011
  • 21. example: github gists Sunday, September 18, 2011
  • 23. HTML5’s async attr Sunday, September 18, 2011
  • 25. async browser support • Firefox 3.6+ • Chrome 7+ • Safari 5.0 • IE 10 (!) • Notably absent: Opera Sunday, September 18, 2011
  • 26. dynamic script creation Sunday, September 18, 2011
  • 27. first impressions count • hard to get website owners to update their script includes • people are still using blocking disqus include (deprecated mid-2009) • who still uses blocking GA include? Sunday, September 18, 2011
  • 29. global collisions • unknown scripts executing on same page • may introduce conflicting variables • DOM queries may inadvertently select your elements (or vice versa) Sunday, September 18, 2011
  • 30. namespace your js! Sunday, September 18, 2011
  • 31. bonus points: html • id=”dsq-comment-8” • class=”dsq-comment” • data-dsq-username=”jimbob” • Bad: class=”dsq-comment active” Sunday, September 18, 2011
  • 32. js libs • you should use ‘em • what if they already exist on the page? Sunday, September 18, 2011
  • 33. $.noConflict • utility method for assigning jQuery global ($) to a variable • great for namespacing • becoming a standard pattern Sunday, September 18, 2011
  • 34. libs w/ noConflict • LABjs • Underscore.js • Backbone.js • Ender.js and its assoc. microlibs • easyXDM Sunday, September 18, 2011
  • 36. sandboxing • run your code inside a src-less iframe • clean js environment • no global state leak Sunday, September 18, 2011
  • 37. twitter @anywhere • twitter widget library • supports multiple lib versions/ instances per page • each version is sandboxed in a separate iframe Sunday, September 18, 2011
  • 38. twitter @anywhere iframe A iframe B Sunday, September 18, 2011
  • 39. hiro.js • QUnit-like js testing library • each test suite runs in a new iframe • optional: seed iframe environment Hiro (http://github.com/antonkovalyov/hiro) Sunday, September 18, 2011
  • 41. cross-domain ajax • can’t initiate XmlHttpRequest from foo.com to bar.com • same-origin policy (host, port, protocol) • subdomains a ected too Sunday, September 18, 2011
  • 42. w/o same-origin pol. • What if I hosted a page with the following ... Sunday, September 18, 2011
  • 43. CORS • Cross-Origin Resource Sharing • special http headers that permit XD access to resources • W3C working draft • Firefox 3.5+, Chrome 3+, Safari 4+, IE8+ Sunday, September 18, 2011
  • 44. CORS headers Cors Example (http://saltybeagle.com/cors) Sunday, September 18, 2011
  • 45. JSONP • load JSON using <script> elements • script element bypasses same-origin policy • built-in helpers in most js frameworks Sunday, September 18, 2011
  • 48. JSONP cont’d • only supports GET requests • script loading can’t detect 400, 500 errors (rely on timeouts) • caching complications when generating new response each time Sunday, September 18, 2011
  • 49. postMessage • HTML5 API for cross-window communication • works with iframes, new windows • Firefox 3+, Safari 4+, Chrome (all), IE8+ Sunday, September 18, 2011
  • 50. postMessage foo.com bar.com Sunday, September 18, 2011
  • 51. iframe tunnels foo.com postMessage bar.com/ xhr tunnel.html bar.com/api Sunday, September 18, 2011
  • 52. easyXDM • postMessage-like API for window objs • uses Flash, obscure transport protocols when postMessage is n/a • wider browser support • Disqus, Twitter, Scribd, LinkedIn ... easyXDM (http://easyxdm.net) Sunday, September 18, 2011
  • 54. how do you debug this mess? Sunday, September 18, 2011
  • 55. switches • serve unminified js for specific sites, users* Sunday, September 18, 2011
  • 56. proxies • send all http tra c to a proxy server • rewrite production urls • from widget.com to ... • localhost • staging.widget.com • newfeature.staging.widget.com Sunday, September 18, 2011
  • 58. thanks • @bentlegen • disqus is hiring js/python/django in san francisco • (canadians welcome) • book coming early 2018 Sunday, September 18, 2011