Simon Willison’s Weblog

WebKit, Mobile, and Progress. Alex Russell responds to PPK’s analysis of the many different WebKit variants in today’s mobile phones, pointing out that the replacement cycle and increasing quality of WebKit in more recent phones means the situation still looks pretty good. 10th October 2009, 12:28 am

CSS 3: Progress! Alex Russell on the new exciting stuff going in to CSS 3 based on real-world implementations in the modern set of browsers. Of particular interest is the new Flexible Box specification, which specifies new layout primitives hbox and vbox (as seen in XUL) and is already supported by both WebKit and Gecko. 22nd August 2009, 11:52 am

Microsoft backs long life for IE6. Oh FFS... “The software giant said it would support IE6 until 2014—four years beyond the original deadline.” 14th August 2009, 2:53 pm

MoD sticks with insecure browser. Tom Watson MP used parliamentary written answers to find out that the majority of government departments still require their staff to use IE6, and not all of them have upgrade plans to 7 or 8. Not a single department considered an alternative browser. “Many civil servants use web browsers as a tool of their trade. They’re as important as pens and paper. So to force them to use the most decrepit browser in the world is a rare form of workplace cruelty that should be stopped.” 24th July 2009, 10:18 am

HTML 5 Parsing. Firefox nightlies include a new parser that implements the HTML5 parsing algorithm (disabled by default), which uses C++ code automatically generated from Henri Sivonen’s Java parser first used in the HTML5 validator. 11th July 2009, 11:36 pm

Firefox 3.5 for developers. It’s out today, and the feature list is huge. Highlights include HTML 5 drag ’n’ drop, audio and video elements, offline resources, downloadable fonts, text-shadow, CSS transforms with -moz-transform, localStorage, geolocation, web workers, trackpad swipe events, native JSON, cross-site HTTP requests, text API for canvas, defer attribute for the script element and TraceMonkey for better JS performance! 30th June 2009, 6:08 pm

Google asked people in Times Square:“What is a browser?”. Stuff like this makes me despair for creating a secure web—what chance do people have of surfing safely if they don’t understand browsers, web sites, operating systems, DNS, URLs, SSL, certificates... 20th June 2009, 1:25 am

Changes in Opera’s user agent string format (via) How depressing... Opera 10 will ship with 9.80 in the User-Agent string because badly written browser sniffing scripts can’t cope with double digits. 28th May 2009, 1:16 am

Critical Mac OS X Java Vulnerabilities. There’s a five month old Java arbitrary code execution vulnerability which hasn’t yet been patched by Apple. Disable Java applets in your browser until it’s fixed, or random web pages could execute commands on your machine as your user account. 19th May 2009, 7:07 pm

Cross Browser Base64 Encoded Images Embedded in HTML (via) Scarily clever. View the PHP source to see what’s going on—most browsers get image tags that use data URIs starting with data:image/png;base64, but IE gets served a Content-type:message/rfc822 header and a MIME formatted multipart/related document, as used by e-mail clients to embed inline image attachments. 17th April 2009, 4:12 pm

10 Cool Things We’ll Be Able To Do Once IE6 Is Dead. Highlights include child and attribute selectors, 24bit PNGs and max-width and min-width. Simple pleasures, but I can hardly wait. 15th April 2009, 2:17 pm

cufon. A promising alternative to sIFR, cufon uses VML on IE and canvas on other browsers to render custom fonts in the browser. You have to convert your font to JavaScript first, either using their free hosted tool or by installing the FontForge based server-side script yourself. The JavaScript encoded font file uses VML primitives to improve IE performance; the JavaScript library converts that to canvas calls for other, faster browsers. 6th April 2009, 10:29 pm

Pwn2Own trifecta: Hacker exploits IE8, Firefox, Safari. You just can’t trust browser security: Current versions of Safari, IE8 and Firefox all fell to zero-day flaws at an exploit competition. None of the vulnerabilities have been disclosed yet. 19th March 2009, 3:30 pm

Getting OpenID Into the Browser. David Recordon makes the case for online identity management as a key browser feature (I like the “your browser is currently locked” concept), and argues that Gears is in a great position to deliver it. 3rd December 2008, 10 am

The March of Access Control. The W3C Access Control specification is set to become a key technology in enabling secure cross-domain APIs within browsers, and since it addresses a legitimate security issue on the web I hope and expect it will be rolled out a lot faster than most other specs. 19th November 2008, 8:40 am

and now... Opera. Jon Hicks is joining Opera as Senior Designer. I absolutely cannot wait to see what he comes up with there. 9th October 2008, 6:39 pm

Chromium. Google Chrome is out! Here’s the open source project, including the code for the new V8 JavaScript virtual machine. 2nd September 2008, 9:06 pm

A browser sniffing warning: The trouble with Acid3 and TinyMCE. Opera recommend “bug detection”, a step up from object detection and browser sniffing where your JavaScript includes mini unit test style fragments of code designed to test if buggy behaviour you are working around still affects the user’s browser. 4th July 2008, 8:24 am

Why do browsers still not have file upload progress meters? Great question. 26th June 2008, 8:27 am

When Bugs Collide: Fixing Text Dimming in Firefox 2. Handy tips from Drew on fixing the glitchy text rendering in Firefox 2 when you animate opacity without breaking alpha-transparent PNGs in IE6. 19th June 2008, 6:09 pm

Flirting with mime types [PDF] (via) Different browsers have different rules for which content types will be treated as active content (and hence could be vectors for XSS attacks). IE uses a blacklist rather than a whitelist and hence rendered active content for 696 of the tested content types. 14th April 2008, 8:18 am

Happy Run Some Old Web Browsers Day! jwz has recreated home.mcom.com, the original home of the Mosaic Communications Corporation, using a snapshot from 21st October 1994 and a domain borrowed from current owner AOL. Also includes instructions on running 1994 Mosaic Netscape binaries under a modern Linux distro. 31st March 2008, 5:54 pm

Opera and the Acid3 Test. Screenshot shows 100/100 (live code or it didn’t happen!)—Opera’s codebase must be in extremely good shape to fix so many issues so quickly. 26th March 2008, 10:47 pm

IE8 speeds things up. Steve Souders notes that IE8 downloads script files in parallel before executing them sequentially, giving it a significant speed boost over other browsers that download sequentially. 11th March 2008, 5:42 am

Sunsetting Quirks Mode. Apparently proper standards support in IE (or at least the IE8 renderer) will be triggered by the HTML5 doctype, providing an alternative to those who don’t wish to pollute their markup with an IE-specific meta tag. 23rd January 2008, 2:56 pm

Legacy. James Bennett has what I think is the most interesting analysis of the X-UA-Compatible header to date. 23rd January 2008, 2:14 pm

<META HTTP-EQUIV=“X-BALL-CHAIN”>. Mozilla hacker Robert O’Callahan discusses the technical implications of freezing copies of older rendering engines, including the increased footprint and the terrifying prospect of documents in different rendering modes communicating through iframes and the DOM. 22nd January 2008, 6:55 pm

The versioning switch is not a browser detect. PPK: “In other words, the versioning switch does not have any of the negative effects of a browser detect.” 22nd January 2008, 4:34 pm

Beyond DOCTYPE: Web Standards, Forward Compatibility, and IE8. This has huge implications for client-side web developers: IE 8 will include the ability to mark a page as “tested and compatible with the IE7 rendering engine” using an X-UA-Compatible HTTP header or http-equiv meta element. It’s already attracting a heated debate in the attached discussion. 22nd January 2008, 12:40 pm

Safari CSS Reference. Official documentation covering the CSS properties supported by Safari, including the -webkit proprietary extensions. 22nd November 2007, 11:51 pm

CSS3 and the death of Handheld Stylesheets. I hadn’t looked at CSS 3 media queries before (which let you apply different styles based on media features such as screen width, height and colour availability)—they seem like a much smarter solution that handheld stylesheets and also appear to be preferred by device vendors. 16th November 2007, 9:53 am

CSS Transforms. WebKit can now do transforms (scale, rotate, translate and skew) in CSS via a new -webkit-transform property. Transforms behave like position relative in that they don’t affect the layout of the page. You can also provide a full affine transform matrix as a shortcut. 26th October 2007, 9:45 pm

Tabula Fracta. Mozilla hacker Robert O’Callahan offers advice for anyone aiming to create a new rendering engine from scratch. The WHATWG’s work on specifying real-world browser behaviour and error models gets a well deserved mention. 9th October 2007, 1:20 am

Native DOMContentLoaded is coming to Safari. I filed this bug over two years ago. They’ve just committed the resulting patch to trunk. 8th October 2007, 1:07 am

Seeking market share, Microsoft removes WGA anti-piracy check from IE7. Hopefully this will accelerate the rise of IE7 over IE6. 5th October 2007, 11:55 pm

Multi-Safari. Lets you run multiple versions of Safari on the same Mac. As with the multi-IE hacks, all versions use the same underlying HTTP libraries (which belong to the OS) so the simulation isn’t entirely accurate. 5th October 2007, 11:51 pm

WebRunner 0.7—New and Improved. A simple application for running a site-specific browser for a service (e.g. Twitter, Gmail etc). This is a great idea: it isolates your other browser windows from crashes and also isolates your cookies, helping guard against CSRF attacks. 27th September 2007, 1:55 pm

Opera 9.5 alpha, Kestrel, released. “With history search, Opera creates a full-text index of each and every page you visit, and when you go to the address bar, you can simply start entering words you know have been on pages you’ve visited before, and items matching your search show up.” I just tried this; it’s magic. I’m switching back to Opera from Camino. 16th September 2007, 8:34 pm

Opera 9.5 (Kestrel). The latest Opera alpha includes a bunch of CSS3 features (including an almost full implementation of CSS3 Selectors) as well as the ability to use SVG for scalable background images. 4th September 2007, 10:49 am

WebCore Rendering I—The Basics. Dave Hyatt has started a series of posts explaining the internals of WebCore’s rendering system. 10th August 2007, 3:21 pm

Enabling the debug menu on Safari for Windows. “Turn off site-specific hacks” is one of the menu options. 12th June 2007, 1:18 pm

Timing and Synchronization in JavaScript. Comprehensive overview of how browsers (Opera in particular) load scripts and queue events, with suggestions for best practices. 30th April 2007, 2:24 pm

Camino 1.1 Beta. Camino now has session saving. I simply won’t use a browser that doesn’t have this feature. 25th February 2007, 1:16 am

Live DOM Viewer (via) Neat tool from Hixie that provides an insight in to what browsers are actually thinking. 6th February 2007, 1:12 am

How to enable session saving in the new Camino 1.1a2 (via) I’ve stopped spending time in any browser that doesn’t have session saving built in—sorry Safari! 15th January 2007, 1:49 am