Highlighted

JavaScript check

Rookie Contributor
Does Tealium's code generation have any security or sanitization checks while it generates from the template and extension code? Something like running the Google Caja tool before the resulting JavaScript is published and possibly warning for any issues.
2 REPLIES 2
Highlighted
Tealium Employee
Hi Sriram. We are working on getting the right answer to this question.
Highlighted

JavaScript check

Tealium Employee

Sriram,

 

Tealium has a strict vetting process for our templates that we use to generate the code our customers embed on their site. Here are some of our processes to ensure the integrity and safety of our JavaScript tags:

 

  1. Template tags are created by our solutions engineering developers.
  2. All Solutions Engineer developers are given a background check and are specifically chosen as a trustable employee.
  3. Tag template code is regularly peer reviewed for functionality and security.
  4. Our template deployment process is dual approval and version controlled. There is no anonymity in code base and all code is requested to be merged into testing and production branches by operations engineering.
  5. Major changes are certified by our QA department.
  6. Once approved, code is deployed automatically using configuration management software that pulls from our version control system.
  7. Operations reviews all merges to the production branch. Code is viewed by operations prior to being merged into production.
  8. Our publish engine that turns templates in to customer tags and copies them to the CDNs breaks if the JavaScript is rendered improperly.

 

The publish engine is managed by our most trustworthy developers. The files generated at each publish can be downloaded as a compressed archive. We have worked with our customers to automate downloading the files in order to check them into their own version control system or parse them with their own tools. We can help you meet your company's security requirements. If you have any further questions please feel free to contact our Information Security Department at infosec@tealium.com.

 

Very Respectfully,

Jason Bain

Platform Security Lead