Hacker News new | past | comments | ask | show | jobs | submit login

Yeah, providing sandboxed and controlled access to certain areas of the dom and certain functions is exactly what they appear to be doing in their TW example. However, that tiny demo looks like it takes up 800 lines of code! WTF?



Yeah, I'm in no way proud of that beast of a code. There are a couple things at play here:

1. The js.js API is currently very low-level, which makes it verbose and difficult to use. There's a lot of room for improvement.

2. The twitter script was actually chosen because it's complex. It has a ton of boilerplate code that you'd probably be surprised is in there.

3. A lot of the code written could be generalized into a generic virtual DOM interface library that is not specific to this twitter script. Things like screen.width and screen.height are common properties that would be accessed by many different scripts and so could be generalized.


Something like this would be awesome:

  var env = {local1: function (){}, local2: "blah"};
  js = new JSJS(env);
  js.eval("console.log('I am evil!'); local1();");




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: