DailyJS

Mozilla Secure Coding Guidelines, Raphaël 2.0, cryptico.js

Alex R. Young

Subscribe

@dailyjs

Facebook

Google+

libraries graphics cryptography documentation security

Mozilla Secure Coding Guidelines, Raphaël 2.0, cryptico.js

Posted by Alex R. Young on .
Featured

libraries graphics cryptography documentation security

Mozilla Secure Coding Guidelines, Raphaël 2.0, cryptico.js

Posted by Alex R. Young on .

Mozilla Secure Coding Guidelines

Mozilla's WebAppSec/Secure Coding
Guidelines

is a set of coding guidelines for developing secure applications.
There's a lot information about securing application layer
communications, but there's also some JavaScript-specific advice.
JavaScript input validation is considered, along with preventing XSS
attacks, and uploads as a JavaScript-based XSS attack vector.

Mozilla also introduced Aurora
9
recently,
which includes a JavaScript interface for Do Not
Track
,
and the addition of type inference.

Raphaël 2.0

Dmitry Baranovskiy has released Raphaël 2.0
(GitHub: DmitryBaranovskiy / raphael). Dmitry wrote a
post on February 10th about the planned features for Raphaël
2.0
.
The GitHub history indicates that this version has a new VRML version,
and the project has been split up into three files: raphael.svg.js,
raphael.vml.js, and raphael.core.js.

If you want to figure out the other changes, either look through
Raphaël's documentation or try to read more of the history on GitHub.

cryptico.js

cryptico.js (Google Code: cryptico, License: New BSD License) is a public key cryptography library that can generate RSA key
pairs, encrypt and decrypt messages.

Keys can be generated with cryptico.generateRSAKey(passPhrase,
1024)
, and messages can be encrypted with
cryptico.encrypt(message, publicKeyString).

The cryptico documentation
includes notes on the library's implementation:

A hash is generated of the user's passphrase using the SHA256 algorithm found at webtoolkit.info. This hash is used to seed David Bau's seedable random number generator. A (seeded) random RSA key is generated with Tom Wu's RSA key generator with 3 as a hard-coded public exponent.