RenderJS Home RenderJS

    RenderJs known issues

    • Last Update:2012-11-05
    • Version:001
    • Language:en

    RenderJs know issues

    RenderJs has number of complex issues remaining still.

    Most of these issues are due to fact that by nature JavaScript is insecure language and there is still no way to make sure that gadgets can coexists safely in same page (i.e. DOM tree) just because they all share same name space. Some work has been done on in this directions by following projects:

    • using iframes and Fragmented Identifier to communicate between iframes. this technique is quite safe and natively supported by browsers but make interaction between different iframes cumberso
    • using google-caja to effectively re-compiles to a safe JavaScript any arbitrary (?) JS code. For this one must post a request to Caja's servers and get returned *safe* JS code (this is not good when we talk about scalability, relying on 3rd party service, etc ...)
    • using AdSafe (by Douglas Crocford, author of "JavaScript.The.Good.Parts" book and JSLint ) read . It doesn't require any re-compile of JS code and seems from reading that it's close to "renderjs could probably build the JS gadget in such way that it only has access to: its own DIV, ..."

    The following question depicts the current complexity of the issues:

    Q: How to make sure a gadget can not kill another gadget or steal its data?

    A: Currently we have no idea to prevent that one gadget access DOM or global namespace of another gadget as this should be handled at JavaScript level which is not the case. We can only hope that the only possible way a gadget can interact with another gadget is through its gadget API and preferable over an Interactor Gadget (acting as a mediator). This problem can also be seen with gadgets loading CSS which override other gadgets' CSS.

    Q: How to integrate external non trusted gadgets?

    A: Currently the only feasible and secure way to integrate external gadgets is by wrapping it with an iframe which creates a different namespace within same page. Still this approach doesn't play nice at all with Interactor approach. One technology has a chance to help here like Fragment Identifiers

    Q: Is there a way to ensure gadgets are compatible with each other?

    No way to ensure this and it's not RenderJs job to solve integration issues.