I’m working on a site that is implementing similar functionality to A
Certain Large Social Networking Site’s Apps feature.
Application developers will be able to write apps in a hybrid HTML /
This will get parsed by my servers (as the man in the middle) and then
shoved back to the user’s browser as HTML.
Now, my normal inclination is just to dive in and start coding away =)
But I figured one of the smart people here might have some good pointers
on where to start.
The tricky problems, as I see them:
malicious calls (document.cookies ?)
- Also: how to deal with Base64 / eval / other tomfoolery that attackers
- Parsing custom tags like <foo:username />, <foo:friend_list count="4"
The last one seems similar enough to parsing HTML trees so hopefully
there’s something in ruby-land that can help with this.
Any suggestions / links / pointers would be greatly appreciated!!
P.S. If anyone is interested in working with me on some kind of open
source library that could handle this kind of thing in a
website/domain-agnostic way, feel free to hit me up.
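One way to approach the parsing and sanitising pieces in Ruby, added here as an example and not code from the original post: it assumes the app markup is required to be well-formed XHTML (so the standard-library REXML parser can be used), an allow-list of HTML tags and attributes, and a hypothetical `foo:` namespace whose tags are expanded server-side from a context hash supplied by the host site.

```ruby
require 'rexml/document'
require 'cgi'
# Allow-list: tags/attributes not listed (script, iframe, onclick, ...) are dropped with their content.
ALLOWED_TAGS  = %w[p div span b i a ul li].freeze
ALLOWED_ATTRS = { 'a' => %w[href], 'div' => %w[class], 'span' => %w[class] }.freeze
# foo: tags are expanded on the server, so the handler, not the app author, emits the HTML.
CUSTOM_TAGS = {
  'username'    => ->(_el, ctx) { %(<span class="user">#{CGI.escapeHTML(ctx[:user])}</span>) },
  'friend_list' => lambda do |el, ctx|
    count = el.attributes['count'].to_i.clamp(0, 50)   # bound the untrusted attribute
    items = ctx[:friends].first(count).map { |f| "<li>#{CGI.escapeHTML(f)}</li>" }
    %(<ul class="friends">#{items.join}</ul>)
  end
}.freeze

# Only http(s) and relative URLs survive; javascript:, data:, vbscript: etc. are dropped.
def safe_href?(value)
  v = value.strip
  v.match?(%r{\Ahttps?://}i) || !v.include?(':')
end
def render_children(node, ctx)
  node.children.map do |c|
    case c
    when REXML::Element then render_element(c, ctx)
    when REXML::Text    then CGI.escapeHTML(c.value)    # re-escape so text stays text
    else ''                                             # comments and PIs are dropped
    end
  end.join
end
def render_element(el, ctx)
  return CUSTOM_TAGS[el.name]&.call(el, ctx) || '' if el.prefix == 'foo'  # custom tag: expand or drop
  return '' unless ALLOWED_TAGS.include?(el.name)       # unknown tag: dropped with its children
  attrs = (ALLOWED_ATTRS[el.name] || []).filter_map do |a|
    v = el.attributes[a]
    next if v.nil? || (a == 'href' && !safe_href?(v))
    %( #{a}="#{CGI.escapeHTML(v)}")
  end
  "<#{el.name}#{attrs.join}>#{render_children(el, ctx)}</#{el.name}>"
end
# Wrap the markup in a root that declares foo:; malformed markup raises REXML::ParseException.
def render_app(markup, ctx)
  render_children(REXML::Document.new(%(<root xmlns:foo="urn:app">#{markup}</root>)).root, ctx)
end

SAMPLE_MARKUP = <<~XML.freeze   # constructed sample of app markup, not real app code
  <div class="app" onclick="steal()">Hello <foo:username />! <foo:friend_list count="4" />
  <a href="javascript:document.cookie">me</a> <a href="https://example.com/">site</a>
  <script>eval("x")</script><p>&lt;b&gt; stays text</p></div>
XML
def demo; render_app(SAMPLE_MARKUP, user: 'al<ice', friends: %w[bob carol dave erin frank]); end
```

The output of `demo` keeps the allowed `<div class="app">`, expands both `foo:` tags from the context hash, and drops the `onclick` handler, the `javascript:` link target and the whole `<script>` element.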