Simon Willison’s Weblog

ReferenceError: console is not defined. Since Firebug 1.2 you need to call window.loadFirebugConsole() in order for console.log and friends to work. # 23rd December 2008, 10:22 pm

Quickchoice—a Speed Dial clone (via) Lovely demonstration of the CSS transform property, as supported by modern browsers. The magic is all in the iframe { transform: scale(0.25, 0.25) translate(-1200px, -900px) } # 23rd December 2008, 12:49 pm

jQuery: Changeset 5990. “Added a new liveQuery/event delegation hybrid method”. Lets you add events that continue to work as new elements are dynamically appended to the DOM, e.g. $(’div p.foo’).live(’click’, fn). Works by adding an event handler to the root document element itself and relying on event bubbling. I have to admit I preferred the earlier proposal of $(’div’).delegate(’p.foo’..), which feels like it should have much better performance—anyone know of a good plugin that supports this? # 23rd December 2008, 12:22 pm

jQuery changeset 5985 (via) jQuery trunk has ditched browser sniffing in favour of feature testing, where a small suite of unit-test-like code blocks is used to detect whether a browser supports specific idioms. If the tests fail jQuery still makes assumptions about what the fix is, but it’s not hard to imagine the library eventually using code tests to ensure the fix will work as well. # 22nd December 2008, 10:58 am

Integrating Facebook Connect with Django in 15 minutes. Django authentication middleware that calls the Facebook REST API using a cookie set by Facebook Connect and checks if that person is your Facebook friend. Despite most of the magic happening on the server you still need Facebook’s JavaScript to set that cookie in the first place. # 17th December 2008, 1:18 pm

husk.org. a flickr machine tag browser (via) Flickr recently added API methods for exploring the machine tags used by the community. Paul Mison has built a neat OS X Finder style interface for exploring them, using JSONP and jQuery. # 15th December 2008, 11:24 pm

Visual Event. External code loading bookmarklet that visualises the JavaScript events hooked up to the current page, and lets you view the source code of the event handling function for each one. Only works for events added by jQuery, YUI or MooTools since those libraries maintain a cache of event handlers that they add, to work around the standard DOM’s omission of handler introspection. # 10th December 2008, 3:38 pm

Internet explorer mystery #1376. IE executes function definitions inside an “if (0)” block. That frightens me. # 3rd December 2008, 9:04 am

lightningtimer.net. I’m fed up of having to dig out or knock up a timer script every time I manage lightning talks, so I’ve given one a domain name. You can use lightningtimer.net/#90 to set a different start time for the counter. # 12th November 2008, 4:43 pm

Introducing Acre. I’m losing track of all the server-side JavaScript hosted web application platforms now. Here’s the Freebase contribution to the genre, complete with IDE, templating language and strong integration with Freebase itself. # 7th November 2008, 11:23 pm

jQuery history plugin. I used this plugin to add back button support to a small Ajax app today, with great results. I tried it a while ago and it didn’t work in Safari, but someone has updated it since and now it works perfectly. # 7th November 2008, 5:32 pm

Yahoo, Caja, OpenSocial. Yahoo!’s new application platform uses OpenSocial, and protects itself from malicious JavaScript using Google’s Caja secure JavaScript engine. I hadn’t realised that Caja was ready for production use—this is excellent news. # 30th October 2008, 5:14 pm

JSSpeccy. A ZX Spectrum emulator written in Javascript. # 29th October 2008, 5:25 pm

typeface.js. Outstanding hack—renders custom fonts using VML in IE and canvas in everything else, using fonts that are defined as a set of vector paths stored using JSON. # 27th October 2008, 11:45 pm

Freebase Hack Day. I’m finding Freebase increasingly interesting at the moment, and their public hack day on the 8th November in San Francisco looks like it could be a lot of fun. They’ll be previewing Acre, a new server-side JavaScript application platform targeted at building Freebase powered applications. Hit “view source” at the bottom of the hack day site to see what an Acre app looks like. # 24th October 2008, 12:06 am

CSSHttpRequest (via) Devious cross-domain Ajax hack that uses CSS for transport (@import rules with data URIs, but it still works in IE). Similar to JSONP but safer, since JSONP can cause arbitrary JavaScript to execute. # 23rd October 2008, 6:25 pm

FriendFeed launch a real-time API. This is huge: JSONP plus long polling Comet, with “everything since X” tokens to ensure you don’t miss anything. This is the first open Comet API I’ve seen anywhere. Combine this with FriendFeed’s regular API (which allows arbitrary message posting) and you’ve got a really powerful tool for hackers who want to experiment with Comet without rigging up their own infrastructure. # 22nd October 2008, 2:18 pm

Private Messages with cometD Chat. cometd-java (a Java servlet reference implementation of the Bayeux protocol) can be extended with BayeuxService subclasses that run within the server itself. # 16th October 2008, 2:14 pm

Page Inlink Analyzer (via) Here’s why I’m so keen on JSONP APIs—Eric Miraglia’s tool fires off dozens of cross-domain JSON requests to pull together information about inbound links to your site from Yahoo! Site Explorer and del.icio.us. I imagine it would have been uneconomic for him to provide the tool if it had to proxy every request through his own server. # 15th October 2008, 5:23 pm

Browser Paint Events. The latest Firefox nightlies include a new MozAfterPaint event which fires after a portion of the page has been redrawn and provides co-ordinates of the affected rectangle. John Resig provides a neat bookmarklet that uses the new event to visualise repainting operations. # 14th October 2008, 1:08 pm

Antisocial. Matt Westcott (a.k.a. Gasman) provides some technical background to his awesome Antisocial 3D canvas demo. # 9th October 2008, 6:42 pm

Antisocial: a Javascript demo by Gasman. The demo is cool (3D on top of canvas); the “demotool” editor is simply amazing. # 8th October 2008, 3 pm

Dealing with UI redress vulnerabilities inherent to the current web (via) The best explanation of clickjacking I’ve seen yet, complete with discussion of a number of non-ideal potential solutions. It looks like frame busting JavaScript will defeat it, but only for users who have JavaScript enabled—which means that in this case extensions like NoScript actually make you less safe. UPDATE: NoScript is smarter than I thought; see the comments. # 7th October 2008, 9:59 am

Tweetersation. Nat and my latest side project: a JSONP API powered tool to more easily follow conversations between people on Twitter, by combining their tweets in to a single timeline. # 2nd October 2008, 5:08 pm

Google’s Wikipedia and Panoramio layers are now available in the API. I really like their use of reverse domain style identifiers for the layer IDs: map.addOverlay(new GLayer(“org.wikipedia”)); # 2nd October 2008, 11:59 am

freebase-suggest (via) A jQuery plugin that performs auto-completion against the Freebase JSONP API, and allows the results to be limited to specific categories or subsets. # 24th September 2008, 11:58 pm

Secure mashups with dojox.secure (via) dojox.secure is brilliant and terrifying at the same time. It provides a full featured API for running untrusted JavaScript in a sandbox, by parsing and validating that code against a variant of Douglas Crockford’s ADsafe JavaScript subset. It could be fantastically useful, but it’s difficult to judge how secure this approach really is. # 24th September 2008, 4:08 pm

When Ajax Attacks! Web application security fundamentals. Slides and notes from my talk on web application security at @media Ajax last Tuesday. # 20th September 2008, 4:16 pm