JavaScript is not unlike the Force (and duct tape): it has a light side and a dark side, and it holds the universe together. Back in the dark days of JavaScript, before the light of Ajax shone upon the land, it mostly got used for doing things like validating form input on the fly (inevitably making it really hard to complete forms amidst the onslaught of alert() boxes) and putting counters on pages. Now that we are firmly ensconced in the land of Web 2.0, JavaScript is the prodigal son, returned to make every web experience animated, dynamic, and completely incompatible with all assistive technologies. All kidding aside, the ability to build richer and more desktop-like user interfaces (UIs) within browsers, combined with some impressive libraries—such as the Yahoo! User Interface Library (YUI), jQuery, Scriptaculous, Prototype, and Dojo—has breathed new life into the web application space and made it a whole lot more fun to work in.

There’s no reason that your Facebook application need be any different.As we saw with FBML in Chapter 6, Facebook has imposed a sandbox on JavaScripts running inside of applications by creating a variant of JavaScript (Facebook JavaScript, or FBJS). It’s not a dramatic variation from the actual language, and primarily exists to protect its users from the potentially massive security and privacy holes you could otherwise open. Allowing third-party developers to run scripts within an existing website is a well-known ...