3rd Party JavaScript: Welcome to the Circle of Trust

Engineering Team Lead, Client

Does this sound interesting?

We're Hiring

For the last three years, we’ve been supplying our publishers with 3rd Party JavaScript to power native content distribution, helping them make a buck by providing non-interruptive, choice-based advertising. Our code is put on the publisher’s page directly, versus in an iframe (typically referred to as a “sandbox”). This provides for more feature-rich, deeper integrations but comes with some challenges.

We’re integrated with a large number of publishers, some large enough to have their own engineering teams, and most who have limited technical resources. Although we’ve done as much as we can to isolate ourselves from the publishers’ choices, occasionally we’ll get a surprise.

We’re Guests; No Commenting on the Artwork

The publishers we work with own the page, we’re just visiting. And like any good guest, we need to be polite and respectful. Don’t like a library they’re using? Don’t like how they’ve structured their JS? Sorry, we’re guests in their homes. It’s on us to ensure smooth interoperability. It’s all too common to see broken ads which take away from the fun and utility of publisher pages by slowing down page load or distracting the user from the main purpose of the page.

This philosophy of being a good guest has informed many of our design decisions, including:

  • Loading our JavaScript asynchronously so as not to block the pub page load
  • Loading our content after the publisher’s page has loaded
  • Name-spacing our JavaScript and CSS to avoid conflicts
  • Ensuring we utilize no-conflict modes of our depencies (e.g. jQuery)
  • Authoring our own no-conflict modes (if necessary)

The Wild West

In this series of posts, we’ll share some experiences we’ve had discovering, debugging and addressing issues arising from running 3rd Party JavaScript across a host of publishers on our native mobile exchange.

The goal here is to inform both ends of the equation: when publishers and 3rd Party JavaScript are both playing in the same sandbox, how can we develop defensibly?