Hi,

Extremely interesting project, and sorry I don't have a ton of time to kick the tires to answer this question myself - I might later today - but as far as safety, the main goal is to provide safety in terms of conflicts, not as far as sandboxing or preventing malicious third-party code fromm taking effect? It would seem that the window.parent is still fully accessible and common attacks like framebusting, cookie stealing, etc., are possible? Not saying that preventing those attacks should be a goal of this project - it seems like it's near-impossible and possibly not worth the effort without a Google Caja-like parsing/regeneration system.

A client is using our code via ubertags, works perfectly in all browsers with the exception of firefox, where the lightningjs iframe is completely empty.
Here's the link: http://www.shrm.org/HRAnswers/Pages/default.aspx you can see the feedback button on all browsers but firefox.

Hey guys this is awesome.

If my third-party library depends on jquery, how would you recommend I safely load that into the same private window?

... or should I just paste it into the start of my lightening loaded lib?

thanks so much

Hi, You could add this library on npm? thanks!

Hi,

I am trying to use lightingjs and wanted to try a simple example. But i cant even make a simple javascript to load and execute. Here is the script i am trying:

<html>
<head>
  <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.6.4/jquery.min.js"></script>
  <script type='text/javascript' src="./lightningjs-embed.min.js"> </script>
  <script type='text/javascript'> 
    window.piratelib = lightningjs.require("piratelib", "./sample.js");
    piratelib("testfun");
  </script>

</head>
<body>
  Hi...Hello, World!
</body>
</html>

The sample.js script has simple one line function:

var testfun = function(){
  console.log('called testfun function');
};

Can you please let me know if there is some issue with the lightingjs or am i doing something wrong?

I've recently migrated a bookmarklet to using lightningjs and it works great except on one particular site. http://www.freepeople.com/clothes-dresses-rompers-party-dresses/ballerina-princess-dress

When invoking my deferred call the following exception is thrown "cannot call deferred method 'init' on 'undefined' ".

Ive traced it to when the site has set window.id to a non-zero value. The promiseFunctionId is getting set to this window.id value inside embed.js however this id value doesn't seem to be reflected when setting up a provide in the bootstrap.js.

I'm not sure if I'm just setting up something incorrectly or if its a bug with lightningjs.

Hi,

I have some methods that are already asynchronous by nature. Is there any way for me to override the default behavior and control when the deferreds get resolved?

Otherwise, I'm going to have to break up the API and have people pass in callbacks, or return promises inside promises... that seems awkward! =)

So here's the deal using this library or the technique behind it inside google tag manager (gtm) that will handle the script injection doesn't load in Firefox... it's super weird and I can't quite narrow down why it's happening.

It correctly loads the snippet pasted in gtm, creates the non-blocking iframe but fails to attach the onload attribute to the body so nothing actually gets loaded from that point! All other browsers are fine.

If I copy and paste the injected snippet from gtm and comment out the gtm code that grabs the tag it works fine in firefox.

Has anyone else come across this?

Hi,

using ligthning-js I have the following message with firefox, and nothing works : document.defaultView.getComputedStyle(node, null) is null @ .../loader.js?lv=1:59

Everything is fine under chrome.

When using Content Security Policy headers, script-src 'unsafe-inline' needs to be allowed for LightningJS to run. It would be nice if it would work without.