689 items tagged “javascript”
2008
husk.org. a flickr machine tag browser (via) Flickr recently added API methods for exploring the machine tags used by the community. Paul Mison has built a neat OS X Finder style interface for exploring them, using JSONP and jQuery.
Visual Event. External code loading bookmarklet that visualises the JavaScript events hooked up to the current page, and lets you view the source code of the event handling function for each one. Only works for events added by jQuery, YUI or MooTools since those libraries maintain a cache of event handlers that they add, to work around the standard DOM’s omission of handler introspection.
Internet explorer mystery #1376. IE executes function definitions inside an “if (0)” block. That frightens me.
lightningtimer.net. I’m fed up of having to dig out or knock up a timer script every time I manage lightning talks, so I’ve given one a domain name. You can use lightningtimer.net/#90 to set a different start time for the counter.
Introducing Acre. I’m losing track of all the server-side JavaScript hosted web application platforms now. Here’s the Freebase contribution to the genre, complete with IDE, templating language and strong integration with Freebase itself.
jQuery history plugin. I used this plugin to add back button support to a small Ajax app today, with great results. I tried it a while ago and it didn’t work in Safari, but someone has updated it since and now it works perfectly.
Yahoo, Caja, OpenSocial. Yahoo!’s new application platform uses OpenSocial, and protects itself from malicious JavaScript using Google’s Caja secure JavaScript engine. I hadn’t realised that Caja was ready for production use—this is excellent news.
JSSpeccy. A ZX Spectrum emulator written in Javascript.
I'm really typecasting myself here. If there were an international "Person most likely to write a Spectrum emulator in Javascript" award, I'd have taken it for the last five years running.
typeface.js. Outstanding hack—renders custom fonts using VML in IE and canvas in everything else, using fonts that are defined as a set of vector paths stored using JSON.
Freebase Hack Day. I’m finding Freebase increasingly interesting at the moment, and their public hack day on the 8th November in San Francisco looks like it could be a lot of fun. They’ll be previewing Acre, a new server-side JavaScript application platform targeted at building Freebase powered applications. Hit “view source” at the bottom of the hack day site to see what an Acre app looks like.
CSSHttpRequest (via) Devious cross-domain Ajax hack that uses CSS for transport (@import rules with data URIs, but it still works in IE). Similar to JSONP but safer, since JSONP can cause arbitrary JavaScript to execute.
FriendFeed launch a real-time API. This is huge: JSONP plus long polling Comet, with “everything since X” tokens to ensure you don’t miss anything. This is the first open Comet API I’ve seen anywhere. Combine this with FriendFeed’s regular API (which allows arbitrary message posting) and you’ve got a really powerful tool for hackers who want to experiment with Comet without rigging up their own infrastructure.
Private Messages with cometD Chat. cometd-java (a Java servlet reference implementation of the Bayeux protocol) can be extended with BayeuxService subclasses that run within the server itself.
Page Inlink Analyzer (via) Here’s why I’m so keen on JSONP APIs—Eric Miraglia’s tool fires off dozens of cross-domain JSON requests to pull together information about inbound links to your site from Yahoo! Site Explorer and del.icio.us. I imagine it would have been uneconomic for him to provide the tool if it had to proxy every request through his own server.
Browser Paint Events. The latest Firefox nightlies include a new MozAfterPaint event which fires after a portion of the page has been redrawn and provides co-ordinates of the affected rectangle. John Resig provides a neat bookmarklet that uses the new event to visualise repainting operations.
Antisocial. Matt Westcott (a.k.a. Gasman) provides some technical background to his awesome Antisocial 3D canvas demo.
Antisocial: a Javascript demo by Gasman. The demo is cool (3D on top of canvas); the “demotool” editor is simply amazing.
Dealing with UI redress vulnerabilities inherent to the current web (via) The best explanation of clickjacking I’ve seen yet, complete with discussion of a number of non-ideal potential solutions. It looks like frame busting JavaScript will defeat it, but only for users who have JavaScript enabled—which means that in this case extensions like NoScript actually make you less safe. UPDATE: NoScript is smarter than I thought; see the comments.
Tweetersation. Nat and my latest side project: a JSONP API powered tool to more easily follow conversations between people on Twitter, by combining their tweets in to a single timeline.
Google’s Wikipedia and Panoramio layers are now available in the API. I really like their use of reverse domain style identifiers for the layer IDs: map.addOverlay(new GLayer(“org.wikipedia”));
freebase-suggest (via) A jQuery plugin that performs auto-completion against the Freebase JSONP API, and allows the results to be limited to specific categories or subsets.
Secure mashups with dojox.secure (via) dojox.secure is brilliant and terrifying at the same time. It provides a full featured API for running untrusted JavaScript in a sandbox, by parsing and validating that code against a variant of Douglas Crockford’s ADsafe JavaScript subset. It could be fantastically useful, but it’s difficult to judge how secure this approach really is.
When Ajax Attacks! Web application security fundamentals. Slides and notes from my talk on web application security at @media Ajax last Tuesday.
Frame-Busting Gadgets. I’ve always been slightly suspicious of the Google Gadgets / OpenSocial idea of sandboxing untrusted third party content in an iframe. Sure enough, it turns out iframe busting scripts work in Gadgets, meaning a seemingly harmless gadget could potentially launch a phishing attack.
When Ajax Attacks! Web application security fundamentals. Slides and (other people’s) notes from my presentation at @media Ajax on Tuesday.
Gearshift. Whoa, a full migrations library written in JavaScript for Gears (which uses SQLite for its data store).
Prototype based programming in python. Neat implementation of JavaScript-style prototype inheritance in Python.
Dromaeo: JavaScript Performance Testing (via) This is one classy benchmark. Run it in as many browsers as you like (each run is saved to the server and assigned a run ID), then compare the results by appending ?id=[run1],[run2]... to the URL.
Cappuccino Web Framework. Now open source (LGPL)—the Objective-C-in-JavaScript web application toolkit from 280 North, who are speaking at this year’s FOWA in October. Beautiful logo.