707 posts tagged “javascript”
2008
How Comet Brings Instant Messaging to meebo. “What started off as a hack appears to be fulfilling one of the most basic needs of the Web, which is live synchronous interaction”—Jian Shen
Firebug Lite 1.2 (via) Huge upgrade to the IE/Opera/Safari bookmarklet version of Firebug—it now has DOM element inspection, XHR tracking and an interactive console, among other features.
Dojango version 0.3 released. A reusable Django application that provides Dojo, helper functions (dojo.data integration) and tools for switching between Dojo versions.
window.name Transport. The cleverest use of the window.name messaging hack I’ve seen yet: Dojo now has dojox.io.windowName.send for safe, performant cross-domain messaging.
php: rfc: closures (via) I never thought I’d see the day, but a patch adding closures to PHP has been both proposed and accepted! Looks like a solid implementation—the syntax is similar to JavaScript but makes explicit which variables are to be captured. As with much of PHP, values are copied in to the closure by default but you can use an ampersand to specify JavaScript-style pass-by-reference instead.
quipt (via) Extremely clever idea: Cache JavaScript in window.name (which persists between page views and can hold several MB of data), but use document.referrer to check that an external domain hasn’t loaded the cache with malicious code for an XSS attack. UPDATE: Jesse Ruderman points out a fatal flaw in the comments.
A browser sniffing warning: The trouble with Acid3 and TinyMCE. Opera recommend “bug detection”, a step up from object detection and browser sniffing where your JavaScript includes mini unit test style fragments of code designed to test if buggy behaviour you are working around still affects the user’s browser.
eval() Kerfuffle. The ability to read supposedly private variables in Firefox using a second argument to eval() will be removed in Firefox 3.1.
Javascript protocol fuzz results. If your HTML sanitizer uses blacklisting rather than whitelisting here are a few more weird ways of injecting javascript: in to a link that you need to worry about—but you should really switch to whitelisting http:// and https:// instead.
Module Pattern Provides No Privacy... at least not in JavaScript(TM) (via) JavaScript variables hidden inside a closure aren’t as hidden as I thought—it turns out you can pass a closure as the second argument to eval (at least in Firefox) and “steal” private variables back out of it.
BUG: XSS Security flaw in BaseCamp Messages (via) BaseCamp lets users include HTML and JavaScript in messages, on the basis that anyone with a BaseCamp account is a trusted party. I’m not convinced: you could use this to circumvent BaseCamp’s access control stuff and read messages you’re not meant to. On the flip side, you could also use this to add brand new features to BaseCamp by using JavaScript in a message as a server-side equivalent to Greasemonkey.
jsontime. Nat and I threw this together this morning—it runs on Google App Engine and exposes Python’s pytz timezone library over JSONP.
When Bugs Collide: Fixing Text Dimming in Firefox 2. Handy tips from Drew on fixing the glitchy text rendering in Firefox 2 when you animate opacity without breaking alpha-transparent PNGs in IE6.
Deep Profiling jQuery Apps. Neat plugin from John Resig that monkey-patches most (all?) of the jQuery methods to build up a detailed profile of which methods are being used by a given page.
Spicing Up Embedded JavaScript. John Resig collects the various ways in which a JavaScript interpreter can be hosted by Python, PHP, Perl, Ruby and Java. There are full JS implementations in PHP, Perl and Java; Ruby and Python both have modules that use an embedded SpiderMonkey.
Is It OK to Require JavaScript? Not if you can avoid doing so. Unobtrusive JavaScript really isn’t hard if you design it in from the start, and since stackoverflow is a community forum / questions and answers site I have trouble imagining a feature that can’t be made to work without JavaScript.
OS OpenSpace from Ordnance Survey (via) Ordinance Survey now provide a free JavaScript mapping API for “non-commercial purposes” by “private individuals”. The maps look incredibly detailed, although I can’t find any live API demos on the site (the documentation is illustrated with screenshots).
Updated jQuery Bookmarklet. Nicer than my own “Inject jQuery” bookmarklet because it drops in a temporary message confirming that jQuery has been imported (or telling you that jQuery was already present).
An interview with 280 North on Objective-J and Cappuccino. Fantastic comment thread with involvement from the guys who created Objective-J. Just like Objective-C, Objective-J is a preprocessor that runs against regular JavaScript source files so you can use JavaScript and Objective-J idioms interchangeably.
280slides and Objective-J. 280 slides uses an Objective-C clone written in 13KB of JavaScript. I have to admit I’m completely baffled as to why you would want to use Objective C instead of JavaScript, but evidently it worked fantastically well for them.
SquirrelFish. WebKit’s JavaScript engine was no slouch, but that hasn’t stopped them from replacing it with a brand new “register-based, direct-threaded, high-level bytecode engine, with a sliding register window calling convention”. It runs 1.6x faster and has the Best Logo Ever.
Google Earth in a browser (sort of), Scriptable, a quick peek and poke. Dan Catt on Google’s new browser plugin version of Google Earth... which conveniently exposes a JavaScript API to the browser in the form of the “ge” object, which can then be poked at interactively using Firebug.
QUnit. The jQuery unit testing framework is now documented and supported as a separate project.
AOP aspect of JavaScript with Dojo. Fantastic post—concisely explains Aspect Oriented Programming, then shows how Dojo’s dojox.lang.aspect brings AOP to JavaScript, including some really useful built-in aspects for logging, profiling and more. Aspects are like Python decorators on steroids.
Dopplr place googlemaps, with and without Yahoo Geo API bounding box adjustment. Dopplr uses Geonames for most geo information, but is now mixing in bounding box data from the Yahoo! Geo web service to improve the default zoom level for their maps. The JSON callback API means no server-side code is required on Dopplr’s end.
Firebug Command Line API. Another thing I didn’t know about Firebug: you can set a breakpoint at the start of a function with “debug(fn)” and log all calls to it with “monitor(fn)”.
Cubescape. Beautiful isometric cube building tool by Cameron Adams, written in JavaScript and jQuery.
Crossdomain.xml Invites Cross-site Mayhem. A useful reminder that crossdomain.xml files should be treated with extreme caution. Allowing access from * makes it impossible to protect your site against CSRF attacks, and even allowing from a “circle of trust” of domains can be fatal if just one of those domains has an XSS hole.
Engineering @ Facebook: Facebook Chat. The new Facebook Chat uses Comet (long polling with a hidden iframe) against a custom web / chat server written in Erlang, designed to handle a launch to all 70 million users at once. It was tested using a “dark launch” period where live pages simulated chat request traffic without showing any visible UI.
goog/useragent/iphoto.js. The Goog library includes code to detect the user’s installed version of iPhoto, based on reverse engineering the Mac.com Gallery RSS feeds. This has Mark Pilgrim written all over it.