Contents

---

foreword
preface
acknowledgments
about this book
about the authors
about the cover illustration
 

1 Introduction to third-party JavaScript

Defining third-party JavaScript

The many uses of third-party JavaScript

Developing a bare-bones widget

Challenges of third-party development

Summary

2 Distributing and loading your application

Configuring your environment for third-party development

Loading the initial script

The initial script file

Loading additional files

Passing script arguments

Fetching application data

Summary

3 Rendering HTML and CSS

Outputting HTML

Styling your HTML

Defensive HTML and CSS

Embedding content in iframes

Summary

4 Communicating with the server

AJAX and the browser same-origin policy

JSON with padding (JSONP)

Subdomain proxies

Cross-origin resource sharing

Summary

5 Cross-domain iframe messaging

HTML5 window.postMessage API

Fallback techniques

Simple cross-domain messaging with easyXDM

Summary

6 Authentication and sessions

Third-party cookies

Setting third-party cookies

Securing sessions

Summary

7 Security

Cookies, sessions, and session theft

Cross-site scripting

Cross-site request forgery

Publisher vulnerabilities

Summary

8 Developing a third-party JavaScript SDK

Implementing a bare-bones SDK

Versioning

Wrapping web service APIs

Summary

9 Performance

Optimizing payload

Optimizing JavaScript

Perceived performance

Summary

10 Debugging and testing

Debugging

Testing

Summary

index