Mozilla Secure Coding Guidelines, Raphaël 2.0, cryptico.js

2011-10-10 15:00

at 2011-10-10 07:00:00

original http://feedproxy.google.com/~r/dailyjs/~3/kuF3S2cBURI/sec-raphael-cryptico

Mozilla Secure Coding Guidelines

Mozilla’s WebAppSec/Secure Coding Guidelines is a set of coding guidelines for developing secure applications. There’s a lot of information about securing application layer communications, but there’s also some JavaScript-specific advice. JavaScript input validation is considered, along with preventing XSS attacks, and uploads as a JavaScript-based XSS attack vector.

Mozilla also introduced Aurora 9 recently, which includes a JavaScript interface for Do Not Track, and the addition of type inference.

Raphaël 2.0

Dmitry Baranovskiy has released Raphaël 2.0 (GitHub: DmitryBaranovskiy / raphael). Dmitry wrote a post on February 10th about the planned features for Raphaël 2.0. The GitHub history indicates that this version has a new VML version, and the project has been split up into three files: raphael.svg.js, raphael.vml.js, and raphael.core.js.

If you want to figure out the other changes, either look through Raphaël’s documentation or try to read more of the history on GitHub.

cryptico.js

cryptico.js (Google Code: cryptico, License: New BSD License) is a public key cryptography library that can generate RSA key pairs, and encrypt and decrypt messages.

Keys can be generated with cryptico.generateRSAKey(passPhrase, 1024), and messages can be encrypted with cryptico.encrypt(message, publicKeyString).

The cryptico documentation includes notes on the library’s implementation:

A hash is generated of the user’s passphrase using the SHA256 algorithm found at webtoolkit.info. This hash is used to seed David Bau’s seedable random number generator. A (seeded) random RSA key is generated with Tom Wu’s RSA key generator with 3 as a hard-coded public exponent.
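
The pipeline in that note is deterministic: nothing but the passphrase feeds the generator, so the same passphrase always yields the same key pair and the passphrase has to carry all of the key's entropy. The Node.js sketch below is an added example, not cryptico's code and not from the original post; SHA-256 in counter mode stands in for the seedable random number generator, and the names seededStream and deriveKey and the toy key size are assumptions of this sketch.

```javascript
// Added example, not cryptico's code. Toy size: 256-bit primes, ~512-bit modulus.
const { createHash } = require('crypto');

// SHA-256(passphrase) seeds a counter-mode SHA-256 stream (stand-in for the PRNG).
function seededStream(passphrase) {
  const seed = createHash('sha256').update(passphrase, 'utf8').digest();
  let counter = 0;
  return () => BigInt('0x' + createHash('sha256')
    .update(seed).update(String(counter++)).digest('hex'));
}

function modPow(b, e, m) {
  let r = 1n;
  for (b %= m; e > 0n; e >>= 1n, b = (b * b) % m) if (e & 1n) r = (r * b) % m;
  return r;
}

// Miller-Rabin with fixed bases; callers only pass 256-bit odd candidates.
function isProbablePrime(n) {
  const bases = [2n, 3n, 5n, 7n, 11n, 13n, 17n, 19n, 23n, 29n, 31n, 37n];
  if (bases.some((b) => n % b === 0n)) return false;
  let d = n - 1n, s = 0;
  while (!(d & 1n)) { d >>= 1n; s++; }
  return bases.every((a) => {
    let x = modPow(a, d, n);
    if (x === 1n || x === n - 1n) return true;
    for (let i = 1; i < s; i++) {
      x = (x * x) % n;
      if (x === n - 1n) return true;
    }
    return false;
  });
}

// Same passphrase -> same stream -> same primes -> same key pair.
function deriveKey(passphrase) {
  const rand = seededStream(passphrase);
  const prime = () => {
    for (;;) {
      const c = rand() | (1n << 255n) | 1n;              // 256 bits, odd
      if (c % 3n === 2n && isProbablePrime(c)) return c; // so gcd(3, c - 1) = 1
    }
  };
  const p = prime();
  let q = prime();
  while (q === p) q = prime();
  const phi = (p - 1n) * (q - 1n);
  return { n: p * q, e: 3n, d: (2n * phi + 1n) / 3n };   // 3d = 1 + 2*phi
}
```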