Simon Willison’s Weblog

Items tagged javascript in Sep

Filters: Month: Sep × javascript ×


Sqorn (via) JavaScript library for building SQL queries that makes really smart usage of ES6 tagged template literals. The magic of tagged template literals is that they let you intercept and process interpolated values, making them ideally suited to escaping parameters in SQL queries. Sqorn takes that basic ability and layers on some really interesting API design to allow you to further compose queries. # 19th September 2018, 6:34 pm

Tech Notes: TypeScript at Google (via) In which Evan Martin provides some fascinating colour on the state of JavaScript tooling within Google, which has some unique challenges given that Gmail is 14 years old now and Google have evolved their own internal JavaScript stack which differs widely from the rest of the industry (mainly because it predates most of the successful open source tools). “Which leads me to the middle path, which my little team has been pursuing: incrementally adopt some external tooling where it makes sense, by figuring out how to make it interoperate with our existing code base.” # 2nd September 2018, 7:08 pm

A tour of JavaScript timers on the web (via) Do you understand the differences between setTimeout, setInterval, setImmediate, requestAnimationFrame and requestIdleCallback? I didn’t. # 2nd September 2018, 10:10 am

What are the conference/meet-ups on JavaScript that accept guest speakers?

We have a crowdsourced list of JavaScript events that are accepting speaker submissions here: JavaScript conference calls for participation

[... 53 words]

Should a beginner to web development start out with Node.Js?

Maybe. One of the things I like about Node.js is that the raw abstraction it provides over HTTP is much closer to how the actual protocol works than the abstractions provided many of the more widely used frameworks such as PHP, Django or Rails. That might actually make it an effective learning tool—I’d be interested in hearing from some web developers who learnt Node.js as their first server-side technology.

[... 87 words]

How can you run image processing in cloud code (Parse) ? If parse is not the best

There are dozens of web-based image resizing APIs that could help with this. Check out http://www.imgix.com/ for example.

[... 42 words]

How difficult is to to learn a language framework, like node.js?

The answer varies enormously depending on the language and the framework. Some frameworks are very easy to pick up, others are harder.

[... 162 words]

Why are XSS attacks spreading like fire these days?

XSS attacks are common and easy, and crop up all the time. What’s new is that the number of people who are aware of the potential for XSS worms has increased hugely, so when an XSS does crop up in something popular there’s a much higher chance of someone turning it in to a worm (as happened with Twitter the other day).

[... 96 words]

The Web for me is still URLs and HTML. I don’t want a Web which can only be understood by running a JavaScript interpreter against it.

Me, on Twitter # 27th September 2010, 4:37 pm

YUI 3.0.0: First GA Release of YUI’s Next-Generation Codeline. YUI 3 has some very neat ideas—everything is dynamically loaded, so you start with a tiny bootstrap script and call YUI().use(’module-name’) to load just the code you need. Congratulations to the team. # 29th September 2009, 11:38 pm

Gmail for Mobile: Reducing Startup Latency. Cheeky iPhone optimisation trick—parsing 200 KB of JavaScript takes an iPhone 2.2 device 2.6 seconds, so Gmail embeds code components in /* comments */ in a script tag and evals them on demand later on when the features are needed. # 23rd September 2009, 10:29 pm

freebase-suggest (via) A jQuery plugin that performs auto-completion against the Freebase JSONP API, and allows the results to be limited to specific categories or subsets. # 24th September 2008, 11:58 pm

Secure mashups with dojox.secure (via) dojox.secure is brilliant and terrifying at the same time. It provides a full featured API for running untrusted JavaScript in a sandbox, by parsing and validating that code against a variant of Douglas Crockford’s ADsafe JavaScript subset. It could be fantastically useful, but it’s difficult to judge how secure this approach really is. # 24th September 2008, 4:08 pm

When Ajax Attacks! Web application security fundamentals. Slides and notes from my talk on web application security at @media Ajax last Tuesday. # 20th September 2008, 4:16 pm

Frame-Busting Gadgets. I’ve always been slightly suspicious of the Google Gadgets / OpenSocial idea of sandboxing untrusted third party content in an iframe. Sure enough, it turns out iframe busting scripts work in Gadgets, meaning a seemingly harmless gadget could potentially launch a phishing attack. # 17th September 2008, 11:23 pm

When Ajax Attacks! Web application security fundamentals. Slides and (other people’s) notes from my presentation at @media Ajax on Tuesday. # 17th September 2008, 11:18 pm

Gearshift. Whoa, a full migrations library written in JavaScript for Gears (which uses SQLite for its data store). # 15th September 2008, 2:51 pm

Prototype based programming in python. Neat implementation of JavaScript-style prototype inheritance in Python. # 11th September 2008, 5:50 pm

Dromaeo: JavaScript Performance Testing (via) This is one classy benchmark. Run it in as many browsers as you like (each run is saved to the server and assigned a run ID), then compare the results by appending ?id=[run1],[run2]... to the URL. # 11th September 2008, 4:06 pm

Cappuccino Web Framework. Now open source (LGPL)—the Objective-C-in-JavaScript web application toolkit from 280 North, who are speaking at this year’s FOWA in October. Beautiful logo. # 5th September 2008, 3:27 pm

V8 Design Elements. High level design details of Google’s V8 JavaScript engine, including how it uses “hidden classes” to optimise object property lookups and a bit of information on the machine code generation and garbage collection. # 2nd September 2008, 11:58 pm

Chromium. Google Chrome is out! Here’s the open source project, including the code for the new V8 JavaScript virtual machine. # 2nd September 2008, 9:06 pm

Google Chrome, the comic book (via) Google have finally announced a browser project, though it’s currently vapourware (or rather comicware), existing only as a Scott McCloud comic. Still, it looks fascinating—entirely open source, WebKit with a brand new JavaScript VM, every tab running in a separate process for smarter memory usage and some new UI concepts and anti-pishing measures thrown in as well. # 1st September 2008, 7:45 pm

I have another technique [...] that I’ll be switching jQuery to. If you attempt to insert into the document.body before the document is fully loaded, an exception is thrown. I take advantage of that to determine when the document is fully loaded.

John Resig # 26th September 2007, 12:21 pm

DOMContentLoaded for IE, Safari, everything, without document.write. Stuart has taken Hedger’s recent IE technique, combined it with the others and compressed it in to a short-as-possible code snippet that you can paste in to your scripts without having to include the whole of jQuery/YUI/Dojo/Prototype. # 26th September 2007, 12:19 pm

IEContentLoaded. An alternative method of detecting DOMContentLoaded on IE; works by polling until the doScroll() method on an unattached element stops throwing errors. # 24th September 2007, 12:10 pm

Hello JS-CTYPES, Goodbye Binary Components. Mark Finkle is porting Python’s ctypes functionality to the Mozilla platform, to allow binary XPCOM components to be defined in pure JavaScript. # 22nd September 2007, 11:57 pm

Apparently if you try to remove/destroy/trash a FORM dom node in IE6, it won’t delete it, instead creating a bizarre orphaned node stuck sucking up memory until the browser window is refreshed.

Jon Sykes # 20th September 2007, 1:04 pm

ActsAsUndoable. Lawrence Carvalho shows how robust undo functionality can be added to a JavaScript application through careful application of the Memento design pattern. # 18th September 2007, 3:51 pm

The Elements of JavaScript Style. Douglas Crockford illustrates better coding practises through refactoring of old code. # 13th September 2007, 8:22 am