Simon Willison’s Weblog

Items tagged javascript in May

Filters: Month: May × javascript ×

Deno 1.0. Deno is a new take on server-side JavaScript from a team lead by Ryan Dahl, who originally created Node.js. It’s built using Rust and crammed with fascinating ideas—like the ability to import code directly from a URL. # 13th May 2020, 11:38 pm

Monaco Editor. VS Code is MIT licensed and built on top of Electron. I thought “huh, I wonder if I could run the editor component embedded in a web app”—and it turns out Microsoft have already extracted out the code editor component into an open source JavaScript package called Monaco. Looks very slick, though sadly it’s not supported in mobile browsers. # 21st May 2019, 8:47 pm

Observable: Downloading and Embedding Notebooks (via) Big news from the Observable team: firstly, they’ve released the open source runtime for their notebooks which means you can now execute the code from a notebook independently of their hosted service. On top of that they’ve constructed an elegant way of exporting and executing notebooks (or specific notebook cells) as ES6 modules and as installable npm package tarballs. # 22nd May 2018, 12:14 pm

sql.js Online SQL interpreter (via) This is fascinating: sql.js is a project that complies the whole of SQLite to JavaScript using Emscripten. The demo is an online SQL interpreter which lets you import an existing SQLite database from your filesystem and run queries against it directly in your browser. # 17th May 2018, 9:28 pm

isomorphic-git (via) A pure-JavaScript implementation of the git protocol and underlying tools which works both server-side (Node.js) AND in the client, using an emulation of the fs API. Given the right CORS headers it can clone a GitHub repository over HTTPS right into your browser. Impressive. # 16th May 2018, 8:54 pm

Iodide Notebook: Project Examples (via) Iodide is a very promising looking open source JavaScript notebook project, and these examples do a great job of showing what it can do. It’s not as slick (yet) as Observable but it does run completely independently using just a browser. # 3rd May 2018, 6:42 pm

Are traditional web frameworks and languages like RubyOnRail, Spring Boot and PHP dying now when new fast reactive pure JavaScript frameworks and services like Meteor, Node, Angular 2.0 and Firebase are breaking ground?


[... 40 words]

tobeytailor’s gordon. Another Flash runtime in pure JavaScript project, released back in January. Not quite as advanced as Smokescreen yet (it doesn’t have an audio implementation) but already available as open source under an MIT license. # 29th May 2010, 11:57 am

Smokescreen demo: a Flash player in JavaScript. Chris Smoak’s Smokescreen, “a Flash player written in JavaScript”, is an incredible piece of work. It runs entirely in the browser, reads in SWF binaries, unzips them (in native JS), extracts images and embedded audio and turns them in to base64 encoded data:uris, then stitches the vector graphics back together as animated SVG. Open up the Chrome Web Inspector while the demo is running and you can see the SVG changing in real time. Smokescreen even implements its own ActionScript bytecode interpreter. It’s stated intention is to allow Flash banner ads to execute on the iPad and iPhone, but there are plenty of other interesting applications (such as news site infographics). The company behind it have announced plans to open source it in the near future. My one concern is performance—the library is 175 KB and over 8,000 lines of JavaScript which might cause problems on low powered mobile devices. # 29th May 2010, 11:32 am

Busting frame busting: a study of clickjacking vulnerabilities at popular sites (via) Fascinating and highly readable security paper from the Stanford Web Security Research group. Clickjacking can be mitigated using framebusting techniques, but it turns out that almost all of those techniques can be broken in various ways. Fun examples include double-nesting iframes so that the framebusting script overwrites the top-level frame rather than the whole window, and a devious attack against the IE and Chrome XSS filters which tricks them in to deleting the framebusting JavaScript by reflecting portions of it in the framed page’s URL. The authors suggest a new framebusting snippet that should be more effective, but sadly it relies on blanking out the whole page in CSS and making it visible again in JavaScript, making it inaccessible to browsers with JavaScript disabled. # 24th May 2010, 11:40 am

jed’s fab. Spectacular web framework for Node.js which, despite using nothing but regular JavaScript, has syntax that is easily confused with Lisp. General consensus at work is that truly understanding how this works is a crucial step on the path to JavaScript enlightenment. # 18th May 2010, 6:50 pm

Understanding node.js. A king providing orders to his army of servants is a much better analogy than my hyperactive squid. # 18th May 2010, 6:44 pm

Music Notation with HTML5 Canvas. A pretty decent effort at rendering musical notation using JavaScript and the canvas element. # 12th May 2010, 8:53 am

Realtime Election Tweets. Jay Caines-Gooby’s realtime election tweet service, using Node.js, nginx and WebSocket with a Flash fallback. # 6th May 2010, 9:20 pm

premasagar’s sandie. “Sandie is a simple method for loading external JavaScript files into a page without affecting the global scope, to avoid collisions between conflicting scripts”—works by loading the script in an invisible iframe (hence a new global scope) and then passing a reference to a callback function in the parent page. # 6th May 2010, 8:37 pm

Pure CSS3 Spiderman Cartoon w/ jQuery and HTML5. Great demo, though calling -webkit-animation HTML5 (or even CSS3) is a bit of a stretch... # 4th May 2010, 7:27 pm

TiddlyPocketBook. Paul Downey took Nat’s dinky pocketbooks CSS and combined it with TiddlyWiki to create a single page pocketbook editor. # 28th May 2009, 1:24 am

JS-Placemaker—geolocate texts in JavaScript. Chris Heilmann exposed Placemaker to JavaScript (JSONP) using a YQL execute table. Try his examples—I’m impressed that “My name is Jack London, I live in Ontario” returns just Ontario, demonstrating that Placemaker’s NLP is pretty well tuned. # 23rd May 2009, 12:36 am

python-spidermonkey. A Python to JavaScript bridge using Mozilla Spidermonkey. Expose Python objects to JavaScript, or execute JavaScript from Python. # 14th May 2009, 3:56 pm

Google Earth in a browser (sort of), Scriptable, a quick peek and poke. Dan Catt on Google’s new browser plugin version of Google Earth... which conveniently exposes a JavaScript API to the browser in the form of the “ge” object, which can then be poked at interactively using Firebug. # 28th May 2008, 11:13 pm

QUnit. The jQuery unit testing framework is now documented and supported as a separate project. # 26th May 2008, 5:31 pm

AOP aspect of JavaScript with Dojo. Fantastic post—concisely explains Aspect Oriented Programming, then shows how Dojo’s dojox.lang.aspect brings AOP to JavaScript, including some really useful built-in aspects for logging, profiling and more. Aspects are like Python decorators on steroids. # 18th May 2008, 10:45 am

Dopplr place googlemaps, with and without Yahoo Geo API bounding box adjustment. Dopplr uses Geonames for most geo information, but is now mixing in bounding box data from the Yahoo! Geo web service to improve the default zoom level for their maps. The JSON callback API means no server-side code is required on Dopplr’s end. # 17th May 2008, 11:35 pm

Firebug Command Line API. Another thing I didn’t know about Firebug: you can set a breakpoint at the start of a function with “debug(fn)” and log all calls to it with “monitor(fn)”. # 16th May 2008, 12:14 pm

Cubescape. Beautiful isometric cube building tool by Cameron Adams, written in JavaScript and jQuery. # 15th May 2008, 8:40 am

Crossdomain.xml Invites Cross-site Mayhem. A useful reminder that crossdomain.xml files should be treated with extreme caution. Allowing access from * makes it impossible to protect your site against CSRF attacks, and even allowing from a “circle of trust” of domains can be fatal if just one of those domains has an XSS hole. # 15th May 2008, 8:06 am

Engineering @ Facebook: Facebook Chat. The new Facebook Chat uses Comet (long polling with a hidden iframe) against a custom web / chat server written in Erlang, designed to handle a launch to all 70 million users at once. It was tested using a “dark launch” period where live pages simulated chat request traffic without showing any visible UI. # 15th May 2008, 7:55 am

goog/useragent/iphoto.js. The Goog library includes code to detect the user’s installed version of iPhoto, based on reverse engineering the Gallery RSS feeds. This has Mark Pilgrim written all over it. # 14th May 2008, 9:21 pm

Doctype: /trunk/goog. Google’s newly released JavaScript library (pure JavaScript, so more along the lines of YUI and jQuery than GWT). I haven’t found the documentation for it yet, but the code is extremely well commented. UPDATE: The documentation is spread throughout Doctype. # 14th May 2008, 9:12 pm