Simon Willison’s Weblog

Entries tagged javascript in 2010


What are the best alternatives to JavaScript when writing web applications?

CoffeeScript is rather nice—it compiles to non-obfuscated JavaScript.

[... 27 words]

Why do browsers allow cross-domain JavaScript to execute but not XMLHttpRequests?

It’s called the Same Origin Policy, and it’s principally about intranets. Imagine you have a URL http://intranet.corp/top-secret-...—and you then visit http://evil.example.com/ . If cross-domain XHR was allowed, the evil site could suck that secret document off your intranet without you realising.

[... 105 words]

What is the best JS library for automated cropping?

Not entirely clear what you’re looking for, but if you mean a UI tool for letting people resize and crop an image Jcrop is really nice http://deepliquid.com/content/Jc...

[... 43 words]

Why do some websites implement their logout link as a form post via JavaScript versus a plain old GET request?

Probably because if you implement logout as a GET action, I can force you to log out of a site by tricking you into visiting a page with an <img src="http://yoursite.com/logout/" width="1" height="1"> element on it.

[... 64 words]

What companies are using Node.js in production in Texas?

There’s a list on this page: https://github.com/joyent/node/w...

[... 23 words]

Why don’t more people use Google Web Toolkit for web development as opposed to scripting alternatives like JavaScript?

I’m morally opposed to GWT, because I don’t believe in building sites or applications that are entirely dependent on JavaScript to function. As someone who took the time to learn JavaScript, I’m also not at all convinced that Java is a more productive language.

[... 68 words]

Why do so few companies use the Dojo Toolkit?

Dojo is fantastic software, but it does a lot more than the other libraries and consequently has a much higher learning curve. Its advanced features may serve as something of a disadvantage for achieving more widespread adoption—most developers don’t need the more advanced abstractions provided by Dojo when they start their projects, and by the time they DO need that stuff they’ve already written a ton of code using another library!

[... 88 words]

Is there a modern, tested, reliable, standalone onDomReady function that isn’t part of a larger library?

I’ve just noticed that the original comment thread on Dean Edwards’ blog from 2006 is still open, and a comment by byron from January 2010 has a promising-looking candidate: http://dean.edwards.name/weblog/...

[... 54 words]

Why are XSS attacks spreading like fire these days?

XSS attacks are common and easy, and crop up all the time. What’s new is that the number of people who are aware of the potential for XSS worms has increased hugely, so when an XSS does crop up in something popular there’s a much higher chance of someone turning it into a worm (as happened with Twitter the other day).

[... 96 words]

What is the largest production deployment of Server Side JavaScript?

I believe Flickr used to use Rhino for scripting the image processing (resizing, thumbnailing, sharpening) that was applied to every single uploaded photo. No idea if that’s still the case though.

[... 47 words]

Why do some people disable JavaScript in their browser?

For security reasons.

[... 159 words]