John Hazen Principal Program Manager Lead Microsoft Corporation


1 APP-476T Code with confidence: dynamic web content in Metro style apps using HTML5
John Hazen, Principal Program Manager Lead, Microsoft Corporation
6/1/2019 8:16 PM
© 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 Agenda
Customer expectations for Metro style apps
Blending Windows Runtime and dynamic web content
New mechanisms built on familiar concepts
Demo and coding examples
You’ll leave with examples of how to:
  Confidently integrate dynamic web content in your app
  Easily authenticate your app with online services using OAuth

3 The Windows Runtime is easy and powerful
Stored Data, Network Access, Web Camera, User Location, Encrypted Data, Photo Library, USB Drive, Home Group, and lots more…

4 Users expect dynamic content
Windows Runtime: Stored Data, Network Access, Web Camera, User Location, Encrypted Data, Photo Library, USB Drive, Home Group, and lots more…
Web Services, IM, Data, Cloud Services, RSS Feeds, SMS

5 demo innerHTML call

6 Who do you trust?
Content you trust:
  You generated it
  You tested it
  You know you are not malicious
Untrusted content:
  Unknown source
  Innocent mistakes
  Risk of malicious intent

7 Familiar techniques
Wrap in an iframe
Content you trust:
  You generated it
  You tested it
  You know you are not
Untrusted content:
  Unknown source
  Innocent mistakes
  Risk of malicious intent

8 Using <iframe> to separate content
Trusted content from local package (ms-wwa:///)
Untrusted content not in local package

9 Using <iframe> to separate content
Local context: trusted content from local package (ms-wwa:///)
  Windows Runtime
  innerHTML validation
  Remote source not permitted
Web context: untrusted content not in local package
  Same as browser <iframes>
  No Windows Runtime
  W3C API

10 Using local code in a web context
Local context: trusted content from local package (ms-wwa:///)
  Windows Runtime
  innerHTML validation
  Remote source not permitted
Web context: trusted content that must interact directly with untrusted content (ms-wwa-web:///)
  Same as browser <iframes>
  No Windows Runtime
  W3C API

11 A familiar communication mechanism
Local context: trusted content from local package (ms-wwa:///)
  Windows Runtime
  innerHTML validation
  Remote source not permitted
Web context: untrusted content not in local package
  Same as browser <iframes>
  No Windows Runtime
  W3C API
Communication between the two contexts: postMessage
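
The postMessage channel on this slide, as an added example that is not part of the original presentation: a local-context receiver that checks the sender's origin, treats the payload as data, and renders it as text. The origin https://feeds.example.com, the message shape {type, title} and the element id "headline" are assumptions made for illustration.

```javascript
// Added example: local-context receiver for postMessage from a web-context iframe.
// ALLOWED_ORIGIN and the message shape {type, title} are assumptions for illustration.
const ALLOWED_ORIGIN = "https://feeds.example.com";
const MAX_TITLE_LENGTH = 200;

// Returns a validated plain-text title, or null if the message must be dropped.
function validateMessage(event) {
  // 1. Only the expected web-context origin may talk to the local context.
  if (event.origin !== ALLOWED_ORIGIN) return null;
  // 2. Accept strings only and parse them as data, never as code.
  if (typeof event.data !== "string") return null;
  let msg;
  try {
    msg = JSON.parse(event.data);
  } catch (e) {
    return null;
  }
  // 3. Enforce the expected shape and size before using any field.
  if (msg === null || typeof msg !== "object") return null;
  if (msg.type !== "headline" || typeof msg.title !== "string") return null;
  if (msg.title.length === 0 || msg.title.length > MAX_TITLE_LENGTH) return null;
  return msg.title;
}

// Renders the title as text, so any markup in it is displayed rather than interpreted.
function render(target, title) {
  target.textContent = title;
}

// App wiring; skipped when the file is run outside a DOM environment.
if (typeof window !== "undefined" && typeof document !== "undefined") {
  window.addEventListener("message", (event) => {
    const title = validateMessage(event);
    if (title !== null) render(document.getElementById("headline"), title);
  });
}

// Constructed sample events: one accepted, two dropped.
const samples = [
  { origin: ALLOWED_ORIGIN, data: JSON.stringify({ type: "headline", title: "<b>Hi</b>" }) },
  { origin: "https://other.example.net", data: JSON.stringify({ type: "headline", title: "x" }) },
  { origin: ALLOWED_ORIGIN, data: "not json" },
];
for (const s of samples) console.log(s.origin, "->", validateMessage(s));
```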

12 Using Script in a local context
innerHTML and related operations:
  If script elements are found, the operation fails
  Blocking accidental inclusion of script
  Intent to use script can be expressed in code
Remote source references not permitted:
  Use web context iframes for remote code
  <script src=

13 demo Local context vs. Web context

14 Recap
Local context:
  Full access to Windows Runtime
  Default context for your app
  Helps avoid accidental script execution
  ms-wwa:// protocol
Web context:
  Works like the browser
  No access to Windows Runtime
  and as well as ms-wwa-web:///

15 Authentication using OAuth
Easy and consistent user experience
Simple APIs for authentication

16 demo Web authentication: Socialite and MSDK sample

17 Recap
Web Authentication Broker:
  Simple invocation
  Consistent user experience
  No direct access to user credentials
  Great samples in the SDK

18 Review

19 Dynamic web content enriches your apps when used wisely.

20 Windows 8 makes it easy to separate code you trust from code you don’t trust.

21 Windows 8 provides simple mechanisms for proper authentication to great services.

22 Build great apps. Build confidence.

23 Related sessions
APP-512T: The web-to-Windows journey: turning your web assets into a Windows app
APP-929T: Best practices for writing safe and secure Metro style apps using HTML5
APP-740T: Metro style apps using HTML5 from start to finish
PLAT-894T: Seamlessly interacting with web and local data
APP-784T: Power your app with Live services
PLAT-581T: Making apps social and connected with HTTP services

24 Further reading and documentation
Secure Development of Metro style apps with HTML5

25 thank you Feedback and questions http://forums.dev.windows.com
Session feedback
