Simon Willison’s Weblog

Blogmarks tagged javascript in Oct, 2008

Filters: Type: blogmark × Year: 2008 × Month: Oct × javascript ×


Yahoo, Caja, OpenSocial. Yahoo!’s new application platform uses OpenSocial, and protects itself from malicious JavaScript using Google’s Caja secure JavaScript engine. I hadn’t realised that Caja was ready for production use—this is excellent news. # 30th October 2008, 5:14 pm

JSSpeccy. A ZX Spectrum emulator written in Javascript. # 29th October 2008, 5:25 pm

typeface.js. Outstanding hack—renders custom fonts using VML in IE and canvas in everything else, using fonts that are defined as a set of vector paths stored using JSON. # 27th October 2008, 11:45 pm

Freebase Hack Day. I’m finding Freebase increasingly interesting at the moment, and their public hack day on the 8th November in San Francisco looks like it could be a lot of fun. They’ll be previewing Acre, a new server-side JavaScript application platform targeted at building Freebase powered applications. Hit “view source” at the bottom of the hack day site to see what an Acre app looks like. # 24th October 2008, 12:06 am

CSSHttpRequest (via) Devious cross-domain Ajax hack that uses CSS for transport (@import rules with data URIs, but it still works in IE). Similar to JSONP but safer, since JSONP can cause arbitrary JavaScript to execute. # 23rd October 2008, 6:25 pm

FriendFeed launch a real-time API. This is huge: JSONP plus long polling Comet, with “everything since X” tokens to ensure you don’t miss anything. This is the first open Comet API I’ve seen anywhere. Combine this with FriendFeed’s regular API (which allows arbitrary message posting) and you’ve got a really powerful tool for hackers who want to experiment with Comet without rigging up their own infrastructure. # 22nd October 2008, 2:18 pm

Private Messages with cometD Chat. cometd-java (a Java servlet reference implementation of the Bayeux protocol) can be extended with BayeuxService subclasses that run within the server itself. # 16th October 2008, 2:14 pm

Page Inlink Analyzer (via) Here’s why I’m so keen on JSONP APIs—Eric Miraglia’s tool fires off dozens of cross-domain JSON requests to pull together information about inbound links to your site from Yahoo! Site Explorer and del.icio.us. I imagine it would have been uneconomic for him to provide the tool if it had to proxy every request through his own server. # 15th October 2008, 5:23 pm

Browser Paint Events. The latest Firefox nightlies include a new MozAfterPaint event which fires after a portion of the page has been redrawn and provides co-ordinates of the affected rectangle. John Resig provides a neat bookmarklet that uses the new event to visualise repainting operations. # 14th October 2008, 1:08 pm

Antisocial. Matt Westcott (a.k.a. Gasman) provides some technical background to his awesome Antisocial 3D canvas demo. # 9th October 2008, 6:42 pm

Antisocial: a Javascript demo by Gasman. The demo is cool (3D on top of canvas); the “demotool” editor is simply amazing. # 8th October 2008, 3 pm

Dealing with UI redress vulnerabilities inherent to the current web (via) The best explanation of clickjacking I’ve seen yet, complete with discussion of a number of non-ideal potential solutions. It looks like frame busting JavaScript will defeat it, but only for users who have JavaScript enabled—which means that in this case extensions like NoScript actually make you less safe. UPDATE: NoScript is smarter than I thought; see the comments. # 7th October 2008, 9:59 am

Tweetersation. Nat and my latest side project: a JSONP API powered tool to more easily follow conversations between people on Twitter, by combining their tweets in to a single timeline. # 2nd October 2008, 5:08 pm

Google’s Wikipedia and Panoramio layers are now available in the API. I really like their use of reverse domain style identifiers for the layer IDs: map.addOverlay(new GLayer(“org.wikipedia”)); # 2nd October 2008, 11:59 am