Simon Willison’s Weblog

49 items tagged “firefox”

Boiling the Ocean, Incrementally—How Stylo Brought Rust and Servo to Firefox. Firefox Quantum is the product of an impressive, highly risky chain of software engineering—Rust, Servo, then Stylo. # 28th November 2017, 8:34 pm

Firefox Debugger Playground. Excellent hands-on tutorial to using the Firefox JavaScript debugger. I learned a bunch of neat tricks from this—including using conditional breakpoints to add temporary console.log statements—since that function returns undefined it won’t pause your code, but this saves you from having to remember to remove the lines from your source code later. I also didn’t know that the Firefox debugger can show the value of variables in paused code if you hover over them in the source pane. [UPDATE: Turns out Chrome DevTools do this as well—TIL] # 28th November 2017, 4:01 pm

Verified cryptography for Firefox 57 (via) Mozilla just became the first browser vendor to ship a formally verified crypto implementation. # 16th November 2017, 2:26 pm

Entering the Quantum Era—How Firefox got fast again and where it’s going to get faster. I’ve been trying out the beta of Firefox 57 and it’s fantastic. All of that work on Servo and Rust is definitely paying off! # 13th November 2017, 4:34 pm

Saying Goodbye to Firebug. Firebug has reached end-of-life as a separate extension, replaced by the built-in Firefox Developer Tools. It’s hard to overstate how influential Firebug has been in helping to turn front-end web development into a respected and productive engineering discipline. # 24th October 2017, 10:38 pm

What data structures are used to implement the DOM tree?

You may enjoy this post from Hixie back in 2002 which illustrates how different browsers deal with incorrectly nested HTML. IE6 used to create a tree that wasn’t actually a tree! http://ln.hixie.ch/?start=103791...

[... 49 words]

Plugging the CSS History Leak (via) Firefox is fixing the nefarious CSS visited link colour history leak flaw, which currently affects all browsers and allows a malicious site to determine if you have visited a specific site by checking getComputedStyle against a link to that page. It’s an obtrusive but necessary fix—visited link styles will be restricted to colour and border styles (no background images and hence no more checkbox effects since the image request could leak information) and those colours will not be reported via getComputedStyle. I hope other browser vendors follow suit. # 31st March 2010, 8:01 pm

HTML 5 audio player demo. Scott Andrew’s experiments with the HTML5 audio element (and jQuery)—straight forward and works a treat in Safari, but Firefox doesn’t support MP3. Presumably it’s not too hard to set up a fallback for Ogg. # 1st February 2010, 9:58 am

HTML 5 Parsing. Firefox nightlies include a new parser that implements the HTML5 parsing algorithm (disabled by default), which uses C++ code automatically generated from Henri Sivonen’s Java parser first used in the HTML5 validator. # 11th July 2009, 11:36 pm

Firefox 3.5 for developers. It’s out today, and the feature list is huge. Highlights include HTML 5 drag ’n’ drop, audio and video elements, offline resources, downloadable fonts, text-shadow, CSS transforms with -moz-transform, localStorage, geolocation, web workers, trackpad swipe events, native JSON, cross-site HTTP requests, text API for canvas, defer attribute for the script element and TraceMonkey for better JS performance! # 30th June 2009, 6:08 pm

Browsing my browsing. Roo Reynolds used the MeeTimer Firefox extension to gather statistics on his browsing habits, then extracted data directly from the SQLite database and generated his own graphs using PHP and the canvas element. # 10th April 2009, 8:48 am

Pwn2Own trifecta: Hacker exploits IE8, Firefox, Safari. You just can’t trust browser security: Current versions of Safari, IE8 and Firefox all fell to zero-day flaws at an exploit competition. None of the vulnerabilities have been disclosed yet. # 19th March 2009, 3:30 pm

Magic properties make Firefox synchronously load the Java plugin. Even defining a function called sun() (or several other symbols) will trigger the Java VM to be loaded, dramatically hurting the performance of your page. # 27th February 2009, 4:03 pm

Open in Browser Firefox Add-on (via) Solves the “application/json wants to download” problem, among others. # 9th February 2009, 10:24 pm

FireScope. Neat little Firefox / Firebug extension which adds a “Reference” tab showing documentation for the selected element from the comprehensive SitePoint Reference site. # 5th February 2009, 10:51 pm

ReferenceError: console is not defined. Since Firebug 1.2 you need to call window.loadFirebugConsole() in order for console.log and friends to work. # 23rd December 2008, 10:22 pm

Browser Paint Events. The latest Firefox nightlies include a new MozAfterPaint event which fires after a portion of the page has been redrawn and provides co-ordinates of the affected rectangle. John Resig provides a neat bookmarklet that uses the new event to visualise repainting operations. # 14th October 2008, 1:08 pm

querySelectorAll in Firefox 3.1. John Resig benchmarks the various JavaScript libraries’ support for querySelelectorAll, and finds an impressive 2-6x performance improvement over native DOM traversal. It’s worth clicking through to John’s experimental plugin for adding support to jQuery, which does a clever trick using __proto__ to convert the collection returned by querySelectorAll in to a jQuery object in browsers that support it. # 21st August 2008, 9:50 am

eval() Kerfuffle. The ability to read supposedly private variables in Firefox using a second argument to eval() will be removed in Firefox 3.1. # 2nd July 2008, 9:24 pm

Javascript protocol fuzz results. If your HTML sanitizer uses blacklisting rather than whitelisting here are a few more weird ways of injecting javascript: in to a link that you need to worry about—but you should really switch to whitelisting http:// and https:// instead. # 30th June 2008, 3:57 pm

Module Pattern Provides No Privacy... at least not in JavaScript(TM) (via) JavaScript variables hidden inside a closure aren’t as hidden as I thought—it turns out you can pass a closure as the second argument to eval (at least in Firefox) and “steal” private variables back out of it. # 27th June 2008, 7:01 pm

Facebook Open Platform. Facebook have open-sourced (under a modified MPL, does it still fit the OSI definition?) the code for the Facebook Platform, including their implementations of FBML, FQL and FBJS. This is no small release; the tarball weighs in at 40MB and includes libfbml, which depends on Firefox 2.0.0.4 for its HTML parser! # 3rd June 2008, 12:21 am

Reading binary files using Ajax. There’s a simple trick for Firefox, and (amazingly) you can get IE to play along using a function written in VBScript. # 22nd April 2008, 7:02 pm

Cross-Window Messaging. Now in Firefox 3 trunk, the HTML 5 specified ability for JavaScript to send messages between windows (or iframes) hosted on different domains. Fantastically powerful, but must be implemented with care to avoid accidentally processing bad messages from malicious third parties. # 10th February 2008, 12 pm

Cross-Site XMLHttpRequest (via) “Firefox 3 implements the W3C Access Control working draft, which gives you the ability to do XMLHttpRequests to other web sites”—you can mark a document as available for cross-domain requests using either an Access-Control HTTP header or an XML processing instruction. # 9th January 2008, 11:57 pm

I don’t even use Firefox and Firebug anymore, the revised Web Inspector in Leopard has been incorporated in Coda and that does everything I need and more.

Jon Hicks # 20th December 2007, 3:09 pm

Jash: JavaScript Shell (via) An advanced JavaScript interactive shell bookmarklet that works in IE, Firefox, Opera and Safari. # 9th December 2007, 12:36 pm

google-axsjax (via) “The AxsJAX framework can inject accessibility enhancements into existing Web 2.0 applications using any of several standard Web techniques”—including bookmarklets and Greasemonkey. The enhancements conform to W3C ARIA, supported by Firefox 2.0 and later. # 14th November 2007, 5:18 pm

In the long term, I want to replace JavaScript and the DOM with a smarter, safer design. In the medium term, I want to use something like Google Gears to give us vats with which we can have safe mashups. But in the short term, I recommend that you be using Firefox with No Script. Until we get things right, it seems to be the best we can do.

Douglas Crockford # 7th November 2007, 3:36 pm

YSlow: Bug (fix) in Firebug’s Net Panel. The latest release of the YSlow page analysis plugin (announced at FOWA) also fixes a misleading bug in Firebug’s Net panel. # 5th October 2007, 10:26 pm