C
C
cat_crash2012-09-24 12:46:15
API
cat_crash, 2012-09-24 12:46:15

Are there any good materials on creating applications for websites

Good day.

I am the owner of a medium-sized project in the Republic of Belarus and I plan to make it possible to create "applications" for the site. The essence is simple - there is a page on which you can place any application. An application is a kind of page in the form of an IFRAME that can receive and transmit data to the parent page.
A lot of questions immediately arise:
How to host:
- Host them on your server? If so, then it is not very convenient for the end user in terms of access to the same ERP systems that the customer has.
- Allowing hosting from other people's servers is a security hole. They can throw anything through JS.

Actually access to JS:
— how to control application providers? After all, they can obfuscate the code + change it in real time. IMHO, this is just a hotbed of evil
- Hardly limit the list of JS lib, Jquery, FancyBox, etc. and give access to their functions through the API. Those. give the opportunity to run from the iframe. - not very "flexible"
- to pass all the traffic through any anti-virus programs before issuing it? As an option, but I'm not sure that server-side antiviruses can normally deal with JS dirty tricks (for example, parent.location.href='hacksite.com;)

Actually the question is: is there any good reading about this - how to make it possible to write moderately flexible HTML applications for your site?

Answer the question

In order to leave comments, you need to log in

2 answer(s)
E
egorinsk, 2012-09-24
@egorinsk

If you place someone else's code in an iframe, then the worst thing he can do is alerts or a redirect.
In general, I advise you to quit this idea. Application development costs money. Why should a developer make applications on your site, if you can do it from VKontakte / Facebook, there are more users and you can earn more.

P
pletinsky, 2012-09-24
@pletinsky

You can study in detail how this is done, for example, on Facebook and copy everything from them. Surely they have already gone through all the rake.
Here is even an article from habr.
It has its own markup language (as it were), its own scripting language (as it were).
Well, there are security policies and all that.
It is not particularly believed in the success of the event, but you will get an interesting experience.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question