Simon Willison’s Weblog

Subscribe
Atom feed for browsers

80 items tagged “browsers”

2009

Firefox 3.5 for developers. It’s out today, and the feature list is huge. Highlights include HTML 5 drag ’n’ drop, audio and video elements, offline resources, downloadable fonts, text-shadow, CSS transforms with -moz-transform, localStorage, geolocation, web workers, trackpad swipe events, native JSON, cross-site HTTP requests, text API for canvas, defer attribute for the script element and TraceMonkey for better JS performance!

# 30th June 2009, 6:08 pm / firefox, html5, dragndrop, audio, video, offlineresources, fonts, textshadow, csstransforms, localstorage, geolocation, webworkers, json, crossdomain, canvas, tracemonkey, javascript, performance, browsers, mozilla, firefox35

Google asked people in Times Square:“What is a browser?”. Stuff like this makes me despair for creating a secure web—what chance do people have of surfing safely if they don’t understand browsers, web sites, operating systems, DNS, URLs, SSL, certificates...

# 20th June 2009, 1:25 am / security, usability, browsers, realhumans, google

Changes in Opera’s user agent string format (via) How depressing... Opera 10 will ship with 9.80 in the User-Agent string because badly written browser sniffing scripts can’t cope with double digits.

# 28th May 2009, 1:16 am / opera, browsersniffing, browsers, useragent

Critical Mac OS X Java Vulnerabilities. There’s a five month old Java arbitrary code execution vulnerability which hasn’t yet been patched by Apple. Disable Java applets in your browser until it’s fixed, or random web pages could execute commands on your machine as your user account.

# 19th May 2009, 7:07 pm / osx, security, java, applets, browsers, apple

Cross Browser Base64 Encoded Images Embedded in HTML (via) Scarily clever. View the PHP source to see what’s going on—most browsers get image tags that use data URIs starting with data:image/png;base64, but IE gets served a Content-type:message/rfc822 header and a MIME formatted multipart/related document, as used by e-mail clients to embed inline image attachments.

# 17th April 2009, 4:12 pm / hedger-wang, base64, browsers, ie, internet-explorer, mime, php

10 Cool Things We’ll Be Able To Do Once IE6 Is Dead. Highlights include child and attribute selectors, 24bit PNGs and max-width and min-width. Simple pleasures, but I can hardly wait.

# 15th April 2009, 2:17 pm / ie6, maxwidth, browsers, minwidth, css, pngs, selectors, standards, brothercake

cufon. A promising alternative to sIFR, cufon uses VML on IE and canvas on other browsers to render custom fonts in the browser. You have to convert your font to JavaScript first, either using their free hosted tool or by installing the FontForge based server-side script yourself. The JavaScript encoded font file uses VML primitives to improve IE performance; the JavaScript library converts that to canvas calls for other, faster browsers.

# 6th April 2009, 10:29 pm / cufon, browsers, fonts, vml, ie, fontforge, sifr, typography, canvas, javascript

Pwn2Own trifecta: Hacker exploits IE8, Firefox, Safari. You just can’t trust browser security: Current versions of Safari, IE8 and Firefox all fell to zero-day flaws at an exploit competition. None of the vulnerabilities have been disclosed yet.

# 19th March 2009, 3:30 pm / pwn2own, browsers, security, firefox, safari, ie, ie8

CSRF is not a security issue for the Web. A well-designed Web service should be capable of receiving requests directed by any host, by design, with appropriate authentication where needed. If browsers create a security issue because they allow scripts to automatically direct requests with stored security credentials onto third-party sites, without any user intervention/configuration, then the obvious fix is within the browser.

Roy Fielding

# 23rd January 2009, 8:14 am / royfielding, csrf, security, credentials, browsers

2008

Getting OpenID Into the Browser. David Recordon makes the case for online identity management as a key browser feature (I like the “your browser is currently locked” concept), and argues that Gears is in a great position to deliver it.

# 3rd December 2008, 10 am / gears, david-recordon, identity, browsers, openid

The March of Access Control. The W3C Access Control specification is set to become a key technology in enabling secure cross-domain APIs within browsers, and since it addresses a legitimate security issue on the web I hope and expect it will be rolled out a lot faster than most other specs.

# 19th November 2008, 8:40 am / accesscontrol, john-resig, ie, browsers, security, crossdomain

and now... Opera. Jon Hicks is joining Opera as Senior Designer. I absolutely cannot wait to see what he comes up with there.

# 9th October 2008, 6:39 pm / jon-hicks, opera, design, browsers

The greatest coup Microsoft pulled with Internet Explorer was putting the word "Internet" in its name. It sits there, on the desktop of every new Windows computer, and it says "Internet". So you click it. [...] What better way to beat a browser with the word "Internet" in its name - a browser that seemingly can't be beat no matter how hard we try - than the Internet Company itself making a browser?

Tom Armitage

# 3rd September 2008, 10:19 am / microsoft, tom-armitage, google, browsers, ie, chrome

Chromium. Google Chrome is out! Here’s the open source project, including the code for the new V8 JavaScript virtual machine.

# 2nd September 2008, 9:06 pm / google, browsers, open-source, v8, javascript, chromium, chrome

A browser sniffing warning: The trouble with Acid3 and TinyMCE. Opera recommend “bug detection”, a step up from object detection and browser sniffing where your JavaScript includes mini unit test style fragments of code designed to test if buggy behaviour you are working around still affects the user’s browser.

# 4th July 2008, 8:24 am / bugdetection, javascript, object, browsers, opera, objectdetection, browsersniffing, acid3, tinymce

When Bugs Collide: Fixing Text Dimming in Firefox 2. Handy tips from Drew on fixing the glitchy text rendering in Firefox 2 when you animate opacity without breaking alpha-transparent PNGs in IE6.

# 19th June 2008, 6:09 pm / javascript, jquery, firefox2, ie6, drew-mclellan, css, bugs, browsers, opacity, pngs

If we see good usage, we can work with browser vendors to automatically ship these libraries. Then, if they see the URLs that we use, they could auto load the libraries, even special JIT'd ones, from their local system. Thus, no network hit at all!

Dion Almaer

# 27th May 2008, 5:58 pm / dion-almaer, ajax, libraries, google, browsers

Flirting with mime types [PDF] (via) Different browsers have different rules for which content types will be treated as active content (and hence could be vectors for XSS attacks). IE uses a blacklist rather than a whitelist and hence rendered active content for 696 of the tested content types.

# 14th April 2008, 8:18 am / ie, internet-explorer, browsers, contenttypes, security, xss

Happy Run Some Old Web Browsers Day! jwz has recreated home.mcom.com, the original home of the Mosaic Communications Corporation, using a snapshot from 21st October 1994 and a domain borrowed from current owner AOL. Also includes instructions on running 1994 Mosaic Netscape binaries under a modern Linux distro.

# 31st March 2008, 5:54 pm / aol, jwz, mosaic, history, linux, netscape, browsers

Ian's Acid 3, unlike its predecessors, is not about establishing a baseline of useful web capabilities. It's quite explicitly about making browser developers jump - Ian specifically sought out tests that were broken in WebKit, Opera, and Gecko, perhaps out of a twisted attempt at fairness. But the Acid tests shouldn't be fair to browsers, they should be fair to the web; they should be based on how good the web will be as a platform if all browsers conform, not about how far any given browser has to stretch to get there.

Mike Shaver

# 27th March 2008, 1:35 pm / mike-shaver, acid3, ian-hickson, webkit, opera, gecko, browsers, web-standards

Opera and the Acid3 Test. Screenshot shows 100/100 (live code or it didn’t happen!)—Opera’s codebase must be in extremely good shape to fix so many issues so quickly.

# 26th March 2008, 10:47 pm / opera, browsers, acid3, web-standards

IE8 speeds things up. Steve Souders notes that IE8 downloads script files in parallel before executing them sequentially, giving it a significant speed boost over other browsers that download sequentially.

# 11th March 2008, 5:42 am / ie8, steve-souders, browsers, performance

Sunsetting Quirks Mode. Apparently proper standards support in IE (or at least the IE8 renderer) will be triggered by the HTML5 doctype, providing an alternative to those who don’t wish to pollute their markup with an IE-specific meta tag.

# 23rd January 2008, 2:56 pm / html5, doctypes, browsers, xuacompatible, internet-explorer, ie8, sam-ruby

Legacy. James Bennett has what I think is the most interesting analysis of the X-UA-Compatible header to date.

# 23rd January 2008, 2:14 pm / james-bennett, xuacompatible, internet-explorer, ie8, browsers, web-standards

If Web authors actually use this feature, and if IE doesn't keep losing market share, then eventually this will cause serious problems for IE's competitors — instead of just having to contend with reverse-engineering IE's quirks mode and making the specs compatible with IE's standards mode, the other browser vendors are going to have to reverse engineer every major IE browser version, and end up implementing these same bug modes themselves.

Ian Hickson

# 23rd January 2008, 10:07 am / ian-hickson, hixie, internet-explorer, ie8, xuacompatible, web-standards, browsers

<META HTTP-EQUIV="X-BALL-CHAIN">. Mozilla hacker Robert O’Callahan discusses the technical implications of freezing copies of older rendering engines, including the increased footprint and the terrifying prospect of documents in different rendering modes communicating through iframes and the DOM.

# 22nd January 2008, 6:55 pm / roberto-callahan, ie8, dom, mozilla, browsers, xuacompatible

The versioning switch is not a browser detect. PPK: “In other words, the versioning switch does not have any of the negative effects of a browser detect.”

# 22nd January 2008, 4:34 pm / ppk, web-standards, browserdetect, browsers, doctypeswitching, ie8, internet-explorer, xuacompatible

Like DOCTYPE switching did in 2000, version targeting negates the vendor argument that existing behaviors can't be changed for fear of breaking web sites. If IE8 botches its implementation of some CSS property or DOM method, the mistake can be fixed in IE9 without breaking sites developed in the IE8 era. This actually makes browser vendors more susceptible to pressure to fix their bugs, and less fearful of doing so.

Eric Meyer

# 22nd January 2008, 2:24 pm / eric-meyer, doctypeswitching, ie8, browsers, internet-explorer, xuacompatible, web-standards

Beyond DOCTYPE: Web Standards, Forward Compatibility, and IE8. This has huge implications for client-side web developers: IE 8 will include the ability to mark a page as “tested and compatible with the IE7 rendering engine” using an X-UA-Compatible HTTP header or http-equiv meta element. It’s already attracting a heated debate in the attached discussion.

# 22nd January 2008, 12:40 pm / ie8, internet-explorer, browsers, http, web-standards, xuacompatible