Articles on: 🧠 Knowledgebase

About Squid SDK (JS Snippet)

About Squid SDK (JS Snippet)

Squid’s SDK is designed with performance, privacy, and security in mind. It enables real-time event streaming without interfering with the host application or exposing sensitive data. 


Asynchronous loading: The SDK is loaded with async, meaning it never blocks the main thread or delays page rendering.


Single external dependency: It only loads one remote script, from a verified domain (https://app.asksquid.ai).


No framework conflicts: The SDK does not override or patch any browser APIs, ensuring compatibility with other libraries


The SDK intentionally minimizes its surface area:

  • Defines only one global object: window.$quid.
  • Attaches two event listeners: (1) click to capture basic user interactions, and (2) scroll to measure engagement behavior.
  • Does not intercept or modify other DOM events.
  • Does not inject UI elements or alter existing page content.


This ensures it does not affect layout, performance, or user experience.


 Secure Data Flow via WebSocket (WSS)

  • The SDK opens a secure WebSocket (WSS) connection to stream events in real time.
  • All communication is encrypted end-to-end (TLS 1.2+).
  • No unencrypted or cross-origin POST requests are made.
  • The connection is used solely for transmitting anonymized interaction events, no user credentials, cookies, or sensitive data are sent.


Sandboxed Execution and Isolation

To isolate logic from the host environment:

  • The SDK creates an invisible <iframe> sandbox.
  • All processing, user identity resolution, and local data storage (e.g., unique session IDs) occur inside that iframe, not in the parent page.
  • The iframe runs on the same trusted Squid domain (asksquid.ai), ensuring origin isolation and preventing any code execution within the customer’s page context.


This architecture eliminates the risk of DOM pollution or accidental access to application data.

 

Privacy and Data Minimization

  • The SDK only collects behavioral metadata (clicks, scrolls, session IDs), never page content.
  • No cookies are set unless explicitly configured within the iframe.

Updated on: 22/10/2025

Was this article helpful?

Share your feedback

Cancel

Thank you!