Mozilla Secure Coding Guidelines, Raphaël 2.0, cryptico.js

2011-10-10 00:00:00 +0100 by Alex R. Young

Mozilla Secure Coding Guidelines

Mozilla's WebAppSec/Secure Coding is a set of coding guidelines for
developing secure applications.
There's a lot of information about securing application layer
communications, but there's also some JavaScript-specific advice.
JavaScript input validation is considered, along with preventing XSS
attacks, and uploads as a JavaScript-based XSS attack vector.

Mozilla also introduced Aurora, which includes a JavaScript interface
for Do Not and the addition of type inference.

Raphaël 2.0

Dmitry Baranovskiy has released Raphaël 2.0
(GitHub: DmitryBaranovskiy / raphael). Dmitry wrote a
post on February 10th about the planned features for Raphaël
The GitHub history indicates that this version has a new VML version,
and the project has been split up into three files: raphael.svg.js,
raphael.vml.js, and raphael.core.js.

If you want to figure out the other changes, either look through
Raphaël's documentation or try to read more of the history on GitHub.


cryptico.js

cryptico.js (Google Code: cryptico, License: New BSD License) is a
public key cryptography library that can generate RSA key pairs, and
encrypt and decrypt messages.

Keys can be generated with cryptico.generateRSAKey(passPhrase,
, and messages can be encrypted with
cryptico.encrypt(message, publicKeyString).

The cryptico documentation
includes notes on the library's implementation:

A hash is generated of the user's passphrase using the SHA256 algorithm found at webtoolkit.info. This hash is used to seed David Bau's seedable random number generator. A (seeded) random RSA key is generated with Tom Wu's RSA key generator with 3 as a hard-coded public exponent.
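
The derivation those notes describe, written out as an added example for Node.js (this is not cryptico's source): because the passphrase hash is the only seed, the same passphrase always reproduces the same private key, so the key is only as strong as the passphrase. Assumptions: a SHA-256 counter stream stands in for David Bau's generator, Miller-Rabin stands in for Tom Wu's key generator, the names `makePrng`, `nextPrime` and `generateKey` are hypothetical, and the 512-bit default is for demonstration speed only.

```javascript
// Added example, not cryptico's source: passphrase -> SHA-256 -> seeded PRNG -> RSA, e = 3.
const { createHash } = require('crypto');
const E = 3n; // hard-coded public exponent, as in the quoted notes

// Assumption: SHA-256(seed || counter) stands in for David Bau's seedable PRNG.
function makePrng(seed) {
  let counter = 0;
  return (nBytes) => {
    let hex = '';
    while (hex.length < nBytes * 2) hex += createHash('sha256').update(seed).update(String(counter++)).digest('hex');
    return BigInt('0x' + hex.slice(0, nBytes * 2));
  };
}

function modPow(base, exp, mod) {
  let result = 1n;
  for (base %= mod; exp > 0n; exp >>= 1n, base = (base * base) % mod) {
    if (exp & 1n) result = (result * base) % mod;
  }
  return result;
}

// Miller-Rabin over fixed bases: fine for a demonstration, not for production keys.
function isProbablePrime(n) {
  const bases = [2n, 3n, 5n, 7n, 11n, 13n, 17n, 19n, 23n, 29n, 31n, 37n];
  for (const b of bases) if (n % b === 0n) return n === b;
  let d = n - 1n, s = 0;
  while ((d & 1n) === 0n) { d >>= 1n; s++; }
  return bases.every((a) => {
    let x = modPow(a, d, n);
    if (x === 1n || x === n - 1n) return true;
    for (let i = 1; i < s; i++) { x = (x * x) % n; if (x === n - 1n) return true; }
    return false;
  });
}

function nextPrime(rand, nBytes) {
  for (;;) {
    const c = rand(nBytes) | (1n << BigInt(nBytes * 8 - 1)) | 1n; // full length, odd
    if (c % E === 2n && isProbablePrime(c)) return c; // e = 3 needs gcd(3, p - 1) = 1
  }
}

function generateKey(passphrase, bits = 512) {
  const rand = makePrng(createHash('sha256').update(passphrase, 'utf8').digest());
  const p = nextPrime(rand, bits / 16), q = nextPrime(rand, bits / 16);
  const phi = (p - 1n) * (q - 1n);
  return { n: p * q, e: E, d: (2n * phi + 1n) / 3n }; // 3d = 2*phi + 1, so 3d ≡ 1 (mod phi)
}
```

Calling `generateKey` twice with one passphrase returns identical `n` and `d`; nothing other than the passphrase needs to be stored to rebuild the private key.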