实例介绍
【实例简介】Third-Party JavaScript(2013)
【实例截图】
【核心代码】
contents
foreword
xii
preface
xv
acknowledgments
xvii
about this book
xix
about the authors
xxii
about the cover illustration
xxiii
1
Introduction to third-party JavaScript
1
1.1
Defining third-party JavaScript 2
1.2
The many uses of third-party JavaScript 4
Embedded widgets
6
■
Analytics and metrics
8
Web service API wrappers
10
1.3
Developing a bare-bones widget
13
Server-side JavaScript generation
14
■
Distributing widgets as
iframes
16
1.4
Challenges of third-party development
17
Unknown context
17
■
Shared environment
18
Browser restrictions
19
1.5
Summary
20
www.it-ebooks.infoCONTENTS
viii
2
Distributing and loading your application
21
2.1
Configuring your environment for third-party
development 22
Publisher test page
23
■
The web server
23
■
Simulating
multiple domains
24
2.2
Loading the initial script 26
Blocking script includes
26
■
Nonblocking scripts with async and
defer
27
■
Dynamic script insertion
29
2.3
The initial script file
31
Aliasing window and undefined 31
■
Basic application flow 32
2.4
Loading additional files
33
JavaScript files
34
■
Libraries
36
2.5
Passing script arguments
38
Using the query string
38
■
Using the fragment identifier
41
Using custom data attributes
42
■
Using global variables
43
2.6
Fetching application data 45
2.7
Summary
47
3
Rendering HTML and CSS
48
3.1
Outputting HTML
49
Using document.write
49
■
Appending to a known location 50
Appending multiple widgets
52
■
Decoupling render targets
54
3.2
Styling your HTML
55
Using inline styles
55
■
Loading CSS files
56
■
Embedding
CSS in JavaScript 58
3.3
Defensive HTML and CSS 61
Namespaces
61
■
CSS specificity
62
■
Overspecifying CSS
64
3.4
Embedding content in iframes 66
Src-less iframes
68
■
External iframes
70
■
Inheriting
styles
71
■
When to refrain from using iframes? 75
3.5
Summary
76
4
Communicating wi
th the server
77
4.1 AJAX and the browser same-origin policy
78
Rules for determining same origin
80
■
Same-origin policy and
script loading
80
www.it-ebooks.infoCONTENTS
ix
4.2 JSON with padding (JSONP) 82
Loading JSON via script elements
82
■
Dynamic callback
functions
84
■
Limitations and security concerns
86
4.3
Subdomain proxies 88
Changing a document’s origin using document.domain
89
Cross-origin messaging using subdomain proxies
91
Combining subdomain proxies with JSONP
94
■
Internet
Explorer and subdomain proxies
97
■
Security implications
98
4.4
Cross-origin resource sharing 99
Sending simple HTTP requests
99
■
Transferring cookies
with CORS
102
■
Sending preflight requests
102
Browser support
103
4.5
Summary
104
5
Cross-domain iframe messaging
105
5.1
HTML5 window.postMessage API
106
Sending messages using window.postMessage
107
Receiving messages sent to a window
109
■
Browser
support
110
5.2
Fallback techniques
112
Sending messages using window.name
112
■
Sending
messages using the URL fragment identifier
115
■
Sending
messages using Flash
118
5.3
Simple cross-domain messaging with easyXDM
120
Loading and initializing easyXDM
121
■
Sending simple
messages using easyXDM.Socket
123
■
Defining JSON-RPC
interfaces using easyXDM.Rpc
125
5.4
Summary
129
6
Authentication and sessions
131
6.1
Third-party cookies
132
Setting and reading sessions
133
■
Disabling third-party
cookies
134
■
Internet Explorer and P3P headers
136
Detecting when cookies are unavailable
138
6.2
Setting third-party cookies
140
Using dedicated windows
141
■
Iframe workaround
(Safari only)
144
■
Single-page sessions for Chrome
and Firefox
146
www.it-ebooks.infoCONTENTS
x
6.3
Securing sessions
147
HTTPS and secure cookies
148
■
Multilevel authentication
149
6.4
Summary
151
7
Security
152
7.1
Cookies, sessions, and session theft
153
7.2
Cross-site scripting
154
XSS attacks
155
■
XSS vulnerabilities in CSS
157
Defending your application against XSS attacks
159
7.3
Cross-site request forgery
161
XSRF attacks
161
■
JSON hijacking
163
■
Defending
your application against XSRF attacks
164
7.4
Publisher vulnerabilities
166
Publisher impersonation
166
■
Clickjacking
168
Denial of service
170
7.5
Summary
171
8
Developing a third-party JavaScript SDK
172
8.1
Implementing a bare-bones SDK
175
Initialization
175
■
Asynchronous loading
176
Exposing public functions
179
■
Event listeners
180
8.2
Versioning
182
URL versioning
183
■
Versioned initialization
185
8.3
Wrapping web service APIs
188
Accessing web service APIs on the client
188
■
Wrapping the
Camera Stork API
191
■
Identifying publishers
195
User authorization and OAuth
200
8.4
Summary
201
9
Performance
202
9.1
Optimizing payload
203
Combining and minifying source code
204
■
Reducing image
requests
205
■
Caching files
207
■
Deferring HTTP
requests
208
www.it-ebooks.infoCONTENTS
xi
9.2
Optimizing JavaScript 213
Inside the browser: UI thread, repaint, and
reflow
214
■
Controlling expensive calls: throttle and
debounce
215
■
Deferring computation with setTimeout
218
9.3
Perceived performance 220
Optimistic user actions
220
■
Rendering before document
ready
222
9.4
Summary
223
10
Debugging and testing
224
10.1
Debugging
225
Serving development code in production
227
■
Stepping through
the code
233
10.2
Testing
237
Unit, integration, and regression tests
238
■
Writing regression
tests using QUnit
240
■
Writing regression tests using Hiro 243
10.3
Summary
246
index
249
好例子网口号:伸出你的我的手 — 分享!
小贴士
感谢您为本站写下的评论,您的评论对其它用户来说具有重要的参考价值,所以请认真填写。
- 类似“顶”、“沙发”之类没有营养的文字,对勤劳贡献的楼主来说是令人沮丧的反馈信息。
- 相信您也不想看到一排文字/表情墙,所以请不要反馈意义不大的重复字符,也请尽量不要纯表情的回复。
- 提问之前请再仔细看一遍楼主的说明,或许是您遗漏了。
- 请勿到处挖坑绊人、招贴广告。既占空间让人厌烦,又没人会搭理,于人于己都无利。
关于好例子网
本站旨在为广大IT学习爱好者提供一个非营利性互相学习交流分享平台。本站所有资源都可以被免费获取学习研究。本站资源来自网友分享,对搜索内容的合法性不具有预见性、识别性、控制性,仅供学习研究,请务必在下载后24小时内给予删除,不得用于其他任何用途,否则后果自负。基于互联网的特殊性,平台无法对用户传输的作品、信息、内容的权属或合法性、安全性、合规性、真实性、科学性、完整权、有效性等进行实质审查;无论平台是否已进行审查,用户均应自行承担因其传输的作品、信息、内容而可能或已经产生的侵权或权属纠纷等法律责任。本站所有资源不代表本站的观点或立场,基于网友分享,根据中国法律《信息网络传播权保护条例》第二十二与二十三条之规定,若资源存在侵权或相关问题请联系本站客服人员,点此联系我们。关于更多版权及免责申明参见 版权及免责申明
网友评论
我要评论