Book Review: Third Party Javascript

Third Party Javascript” is a must read book for web developers who build or make use of third-party integrations in websites. The authors work for Disqus (a commenting widget) and have tons of real world insight on running code in hostile browser environments, ranging from early versions of IE to modern mobile browsers, while potentially subject to a host of problems: security, privacy, users who tinker with scripts, pages loaded with conflicting libraries, and so on.

This book seems to cover all the problems you’d encounter writing or using embed-able Javascript code – whether you’re using/writing analytics tools, ad serving, OAuth login prompts, or SharePoint app parts.

Once you learn how to write code that defends itself against hostile scripts, get something a user can easily install, and handle versioning, the primary problem becomes how to build a website that third parties can communicate with, without violating security restrictions. As time has passed, new and better browser APIs have become available, so this book will show you how these have changed over time, how to handle the different quirks gracefully, and libraries you can use to outsource the effort.

If you’ve ever wondered how to defend against cross-site scripting, cross-site request forgery, JSON hijacking, publisher impersonation, and click-jacking, this book has a handy introduction to the causes and solutions to each. If you’re still skeptical of the seriousness of browser security issues, the security chapter will make you want to unplug and go back to simpler times.

If you’re a web developer, you’re probably not naturally interested in learning the worst parts of Internet Explorer, but this book will save months of your life debugging strange issues. If you’ve ever wanted to build a website that transforms a laptop into a space heater when a reader scrolls, this book will help you do just that, and then fix the mess you’ve created, with a nice chapter on performance tuning.

While the web (and Javascript) tend to move quickly, the information in this book will be good for longer than most, considering people are trying to avoid IE7 bugs! Overall “Third Party Javascript” is a solid addition to the corpus of literature on web development, and an indispensable resource for developing web-based integrations.