Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Douglas - Real JavaScript


Published on

Published in: Technology
  • Be the first to comment

Douglas - Real JavaScript

  1. 1. Really. JavaScript. Douglas Crockford Yahoo!
  2. 2. The World’s Most Popular Programming Language
  3. 3. The World’s Most Popular Programming Language The World’s Most Unpopular Programming Language
  4. 4. Java Scheme Self LiveScript
  5. 5. Java Scheme Self LiveScript JavaScript
  6. 6. Java Scheme Self LiveScript JavaScript ECMAScript
  7. 7. The web was a disappointment as an application delivery system. Page replacement too inefficient. Java applets failed. No one believed in JavaScript.
  8. 8. The Web Is Dead. The future is not document retrieval. The future is distributed programming.
  9. 9. “Another software technology will come along and kill off the Web... And that judgment day will arrive very soon -- in the next two to three years.” George F. Colony Chairman of the Board and CEO Forrester Research, Inc. [2000],1503,21
  10. 10. Microsoft abandoned the web.
  11. 11. AJAX! JavaScript gets a second chance.
  12. 12. Reasons to Hate JavaScript • It has bad parts. • The DOM is awful. • It isn’t Java, C#, C++, Python, Ruby, … • It didn’t die.
  13. 13. There are reasons to like JavaScript It has good parts.
  14. 14. JavaScript is a functional language with dynamic objects and familiar syntax.
  15. 15. It scales from beginners to masters.
  16. 16. JavaScript is especially effective in an event-driven application model.
  17. 17. Programs in JavaScript can be significantly smaller than equivalent programs in other languages. But you must learn to think in JavaScript.
  18. 18. Beyond the browser • Applications. • Operating Systems. • Databases. • Mobile. • Consumer electronics. • Servers.
  19. 19. Can we make JavaScript a better language? The web is difficult to change.
  20. 20. The most effective way to make JavaScript a better language is to remove the bad parts.
  21. 21. Avoid forms that are difficult to distinguish from errors.
  22. 22. Correct the {block scope} problem. New let and const statements to replace var.
  23. 23. Better support for variadic functions The arguments array has lots of problems.
  24. 24. New syntax is useless if you must support older browsers. New syntax === syntax errors
  25. 25. IE6 is fading very slowly. Five years ago I predicted that IE6 would fade away in five years.
  26. 26. There are more obsolete copies of IE in use than Opera, Safari, and Chrome combined. IE6 is hanging on because we are allowing it to hang on.
  27. 27. IE6 MUST DIE!
  28. 28. Decimal? 0.1 + 0.2 !== 0.3
  29. 29. A better target for compilation? JavaScript has become the world’s virtual machine.
  30. 30. An intermediate representation?
  31. 31. Macros?
  32. 32. Threads?
  33. 33. Tail Calls? return func();
  34. 34. More like _______?
  35. 35. Exciting new features? Readability. Significant efficiency.
  36. 36. Security? XSS
  37. 37. What can an attacker do if he gets some script into your page?
  38. 38. An attacker can request additional scripts from any server in the world. Once it gets a foothold, it can obtain all of the scripts it needs.
  39. 39. An attacker can read the document. The attacker can see everything the user sees.
  40. 40. An attacker can make requests of your server. Your server cannot detect that the request did not originate with your application.
  41. 41. If your server accepts SQL queries, then the attacker gets access to your database. SQL was optimized for SQL Injection Attacks
  42. 42. An attacker has control over the display and can request information from the user. The user cannot detect that the request did not originate with your application.
  43. 43. An attacker can send information to servers anywhere in the world.
  44. 44. The browser does not prevent any of these. Web standards require these weaknesses.
  45. 45. The consequences of a successful attack are horrible. Harm to customers. Loss of trust. Legal liabilities.
  46. 46. Cross site scripting attacks were invented in 1995. We made no progress on the fundamental problems in 14 years.
  47. 47. Why is there XSS? • The web stack is too complicated. Too many languages, each with its own encoding, quoting, commenting, and escapement conventions. Each can be nested inside of the others. Browsers do heroic things to make sense of malformed content. • Template-based web frameworks are optimized for XSS injection.
  48. 48. Why is there XSS? • The JavaScript global object gives every scrap of script the same set of powerful capabilities. • As bad as it is at security, the browser is a vast improvement over everything else. • The browser does distinguish between the interests of the user and the interests of the site. • The browser failed to anticipate that there could be additional interests.
  49. 49. Fundamentally, XSS is a confusion of interests. It is dangerous and must be corrected now.
  50. 50. Solving the XSS problem should be our #1 priority. We cannot tolerate web standards that make things worse.
  51. 51. Mashups! A mashup is a self-inflicted XSS attack.
  52. 52. Advertising is a mashup. Advertising is a self-inflicted XSS attack.
  53. 53. Safe JavaScript Subsets Deny access to the global object and the DOM. Caja. caja/ ADsafe.
  54. 54. ECMAScript Fifth Edition Strict December 2009
  55. 55. ES5/Strict makes it possible to have static verification of third party code without over-constraining the programming model. The best of both Caja and ADsafe.
  56. 56. There is still more work to be done • ES5/Strict cannot protect the page from XSS script injection. • ES5/Strict can protect the page from the widgets, but it cannot protect the widgets from the page. • ES5/Strict is an important step toward a programming model in which multiple interests can cooperate for the user’s benefit without compromising each other or the user.
  57. 57. IE6 MUST DIE!
  58. 58. ES5/Strict does not solve the XSS problem. Fixing ECMAScript is a necessary step. But it is also necessary to fix the DOM.
  59. 59. The DOM is an awful API. It inflicts tremendous pain on developers. It enables XSS attacks.
  60. 60. HTML5 A big step in the wrong direction.
  61. 61. How HTML5 makes things worse 1. It is complicated. Complexity is the enemy of security. 2. It gives powerful new capabilities to the attacker, include access to the local database. 3. HTML5 will take a long time to complete. Does a solution to the XSS problem have to wait until HTML6?
  62. 62. Reset. • Throw the current HTML5 proposal out and start over. • The new charter makes the timely solution of the XSS problem the highest priority. • The old HTML5 set can be mined for good ideas as long as that does not undermine the prime directive.
  63. 63. The Next Browser Standard • HTML4/ECMAScript 5 Compatibility mode to support old applications. • An opt-in safe mode that has a new HTML language, ECMAScript 6, and a new DOM. • The new DOM should look like an Ajax library.
  64. 64. Many popular approaches to security fail. • Security by inconvenience. (TSA) • Security by obscurity. • Security as identity. • Security by vigilance.
  65. 65. Security can fall out of good software design.
  66. 66. Information Hiding Need to know David Parnas On the Criteria to Be Used in Decomposing Systems into Modules. (1972)
  67. 67. Information Hiding Need to know A reference is a capability. Capability Hiding Need to do
  68. 68. There are exactly three ways to obtain a reference in an object capability security system. 1. By Creation. 2. By Construction. 3. By Introduction.
  69. 69. 1. By Creation If a function creates an object, it gets a reference to that object.
  70. 70. 2. By Construction An object may be endowed by its constructor with references. This can include references in the constructor’s context and inherited references.
  71. 71. 3. By Introduction A has a references to B and C. B has no references, so it cannot communicate with A or C C has no references, so it cannot communicate with A or B A C B
  72. 72. 3. By Introduction A calls B, passing a reference to C. A C B
  73. 73. 3. By Introduction B is now able to communicate with C. A C B It has the capability.
  74. 74. If references can only be obtained by Creation, Construction, or Introduction, then you may have a safe system.
  75. 75. If references can be obtained in any other way, you do not have a safe system.
  76. 76. ECMAScript is being transformed into an Object Capability Language. The browser must be transformed into an Object Capability System.
  77. 77. The Lazy Programmer’s Guide to Secure Computing Marc Stiegler ? v=eL5o4PFuxTY
  78. 78. The Web is important enough to fix. HTML5 does not fix the web. It makes it worse. Reset HTML5 and start over.