It’s called the Same Origin Policy, and it’s principally about intranets. Imagine you have a URL http://intranet.corp/top-secret-...—and you then visit http://evil.example.com/ . If cross domain XHR was allowed the evil site could suck that secret document off your intranet without you realising.[... 105 words]
Not entirely clear what you’re looking for, but if you mean a UI tool for letting people resize and crop an image Jcrop is really nice http://deepliquid.com/content/Jc...[... 43 words]
jQuery 1.4.3 Released. Once again, the thing that impresses me most about this jQuery release is how stable the core API is. Hardly any new methods added, but the existing methods are made faster, more flexible and more predictable. The same as been true for the past several releases as well. It just keeps getting more and more polished. # 17th October 2010, 12:15 am
Probably because if you implement logout as a GET action, I can force you to log out of a site by tricking you in to visiting a page with an <img src="http://yoursite.com/logout/" width="1" height="1"> element on it.[... 64 words]
JS had to “look like Java” only less so, be Java’s dumb kid brother or boy-hostage sidekick. Plus, I had to be done in ten days or something worse than JS would have happened.
There’s a list on this page: https://github.com/joyent/node/w...[... 23 words]
Dojo is fantastic software, but it does a lot more than the other libraries and consequently has a much higher learning curve. It’s advanced features may serve as something of a disadvantage for achieving more widespread adoption—most developers don’t need the more advanced abstractions provided by Dojo when they start their projects, and by the time they DO need that stuff they’ve already written a ton of code using another library![... 88 words]
Is there a modern, tested, reliable, standalone onDomReady function that isn’t part of a larger library?
I’ve just noticed that the original comment thread on Dean Edwards blog from 2006 is still open, and a comment by byron from January 2010 has a promising looking candidate: http://dean.edwards.name/weblog/...[... 54 words]
XSS attacks are common and easy, and crop up all the time. What’s new is that the number of people who are aware of the potential for XSS worms has increased hugely, so when an XSS does crop up in something popular there’s a much higher chance of someone turning it in to a worm (as happened with Twitter the other day).[... 96 words]
I believe Flickr used to use Rhino for scripting the image processing (resizing, thumbnailing, sharpening) that was applied to every single uploaded photo. No idea if that’s still the case though.[... 47 words]
For security reasons.[... 159 words]
canto.js: An Improved HTML5 Canvas API (via) Improved is an understatement: canto adds jQuery-style method chaining, the ability to multiple coordinates to e.g. lineTo at once, relative coordinate methods (regular Canvas does everything in terms of absolute coordinates), the ability to use degrees instead of radians, a rounded corner shortcut, a more convenient .revert() method and a simple parser that can understand SVG path expressions! The only catch: it uses getters and setters so won’t work in IE. # 29th July 2010, 9:39 am
Multi-node: Concurrent NodeJS HTTP Server. Kris Zyp’s library for spawning multiple Node child processes (one per core is suggested) for concurrent request handling, taking advantage of Node’s child_process module. This alleviates the need to run multiple Node instances behind an nginx load balancer in order to take advantage of multiple cores. # 15th July 2010, 8:22 am
getlatlon.com commit dae961a... I’ve finally added an OpenStreetMap tab to getlatlon.com—here’s the diff, it turns out adding a custom OpenStreetMap layer to an existing Google Maps application only takes a few lines of boilerplate code. # 10th July 2010, 12:22 pm
jQuery.queueFn. “Execute any jQuery method or arbitrary function in the animation queue”. I’m surprised this isn’t baked in to jQuery itself—the plugin is only a few lines of code. # 30th June 2010, 12:59 pm