Simon Willison’s Weblog

563 items tagged “javascript”

Can you mark items on a website as ’unread’ without cookies?

It’s not very exciting, but CSS will let you set different styles for visited vs unvisited links and the technique has worked reliably since the mid 1990s.

[... 44 words]

How difficult is to to learn a language framework, like node.js?

The answer varies enormously depending on the language and the framework. Some frameworks are very easy to pick up, others are harder.

[... 162 words]

What is a good cat name that relates to JavaScript?

I have two friends with cats that have names related to JavaScript. One is called “JavaScript” and the other is called “Widget”.

[... 38 words]

Wouldn’t an ASCII cellular automaton in javascript be the simplest starting point to teach/learn programming?

Absolutely not. The first step in learning to program is understanding that a computer can be quickly made to do something useful by executing lines of code. Personally I’m a big fan of firing up something with an interactive prompt (like Python, or even Firebug or the Google Chrome JS console) and demonstrating that typing a line of code hitting return will get a useful response.

[... 87 words]

How do you change page content and URL without reloading the whole page?

This can only be done using JavaScript. You use XMLHttpRequest to pull in new information from the server (also known as Ajax—most people use a JavaScript library such as jQuery to handle this) and then use the HTML5 history API, in particular the pushState method, to update the URL.

[... 133 words]

How can I parse unquoted JSON with JavaScript?

Unquoted JSON isn’t JSON—the JSON spec requires that strings are quoted (with double quotes, not single quotes).

[... 104 words]

Was CoffeeScript invented to help Ruby programmers get over that dirty yucky feeling they get when working in JavaScript?

The original Prototype JS library might fit that description—more than CoffeeScript, at any rate.

[... 41 words]

How long until Ruby developers are as cheap as PHP developers? is it already happening? should I still learn it or it only has a couple years left and I’m better off with SSJS?

If you want to be a highly paid engineer, you should worry less about your expertise in a specific language and more about developing broad and deep skills across a wider range of development topics.

[... 197 words]

How is JSON different then a JavaScript (programming language) object?

JSON is a carefully selected subset of JavaScript. A JSON object can only consist of dictionaries, strings, numbers (in JavaScript floating point and integers are treated as the same thing), lists, booleans and null. The spec on JSON.org is a good guide: http://json.org/

[... 119 words]

Is there a method to programmatically clear browser cache in JavaScript?

No.

[... 18 words]

Are there any performance drawbacks when rendering DOM views at runtime with JavaScript, rather than rendering server-sent HTML?

Yes, there is quite a significant impact on first-load performance. The browser has to pull down all of the linked scripts before it can display any content—if you’re using a library like jquery that’s a sizeable chuck of code that has to be loaded and executed just on its own.

[... 152 words]

Does Quora use node.js?

Quora use their own event-based Python web framework which they’ve talked about quite a bit, called LiveNode. I believe it’s based on Tornado, the open source Python evented framework/appserver that was open sourced by Facebook after they acquired FriendFeed.

[... 49 words]

Qwery—The Tiny Selector Engine. A quarter of the size of Sizzle (1K gzipped and minified) due to only supporting ID, class and attribute selectors. Could be useful for things like embeddable widgets and badges, where depending on a larger library is impolite. # 2nd April 2011, 8:27 am

Before events took this bad turn, the contract represented by a link was simple: “Here’s a string, send it off to a server and the server will figure out what it identifies and send you back a representation.” Now it’s along the lines of: “Here’s a string, save the hashbang, send the rest to the server, and rely on being able to run the code the server sends you to use the hashbang to generate the representation.” Do I need to explain why this is less robust and flexible? This is what we call “tight coupling” and I thought that anyone with a Computer Science degree ought to have been taught to avoid it.

Tim Bray # 10th February 2011, 6 am

The code injected to steal passwords in Tunisia. Here’s the JavaScript that (presumably) the Tunisian government were injecting in to login pages that were served over HTTP. # 24th January 2011, 6:45 pm

Why would someone browse the web with JavaScript disabled?

Security conscious users (who understand the implications of XSS and CSRF attacks) sometimes disable JavaScript completely, or use a tool like the NoScript extension to disable it for all sites and only re-enable it on a small whitelist of sites that they trust.

[... 67 words]

Display your events on your own website with Lanyrd Badges. We’ve launched badges for Lanyrd—JavaScript that lets you embed a top bar or a content “splat” showing events you plan to attend, talks you’ve given in the past and other various combinations. I’m quite pleased with the implementation—the badges are configured using classes on a link to your Lanyrd profile, and the badges themselves are served through a combination of Amazon CloudFront for the initial script and a Varnish cache for the badge data itself to keep things nice and snappy. # 13th January 2011, 8:38 pm

Are there any wikis that allow the use of JavaScript on wiki pages?

Such a wiki would be grossly insecure. That said, take a look at TiddlyWiki—it’s implemented entirely in client-side JavaScript and allows plugins to be implemented by pasting JavaScript in to a textarea.

[... 53 words]

Why does Facebook chat use subdomains so aggressively?

Probably because it involves long-running connections. Browsers have a limit on the number of connections you can have open to the same domain at the same time (I think it’s 8 in most browsers these days). If Facebook chat opened a connection to www.facebook.com and you opened up 8 Facebook windows you would no longer be able to navigate to any more Facebook pages, since all 8 connections would be taken up by the long lived chat connections. By connecting to a different subdomain for each connection this problem can be avoided.

[... 107 words]

What are the reasons that make jQuery more popular than MooTools?

MooTools is the only major JavaScript library that still thinks extending the prototype of built-in JavaScript objects is a good idea.

[... 44 words]

What are the JSON security concerns in web development?

Be very careful when implementing JSON-P for authenticated actions—evil third party sites could assemble URLs to your user’s private data and steal it. This attack has worked against Gmail in the past.

[... 203 words]

What are the best alternatives to JavaScript when writing web applications?

CoffeeScript is rather nice—it compiles to non-obfuscated JavaScript.

[... 27 words]

Why do browsers allow cross-domain JavaScript to execute but not XMLHttpRequests?

It’s called the Same Origin Policy, and it’s principally about intranets. Imagine you have a URL http://intranet.corp/top-secret-...—and you then visit http://evil.example.com/ . If cross domain XHR was allowed the evil site could suck that secret document off your intranet without you realising.

[... 105 words]

Porting Flickr to YUI 3: Lessons in Performance (at YUIConf 2010). Some very interesting tips here. The new Flickr photo pages suffered from what I’ve been calling “Flash of Un-Behavioured Content”, where slow loading JavaScript results in poor behaviour from some UI controls. They started using “Action Queueing”, where a small JS stub ensures a loading indicator is shown for clicks on features that have not yet fully loaded. Also, it turns out some corporate firewalls (Sonicwall in particular) dislike URLs over 1600 characters, and filter out any URL with xxx in it. # 10th November 2010, 6:33 pm

What is the best JS library for automated cropping?

Not entirely clear what you’re looking for, but if you mean a UI tool for letting people resize and crop an image Jcrop is really nice http://deepliquid.com/content/Jc...

[... 43 words]

jQuery 1.4.3 Released. Once again, the thing that impresses me most about this jQuery release is how stable the core API is. Hardly any new methods added, but the existing methods are made faster, more flexible and more predictable. The same as been true for the past several releases as well. It just keeps getting more and more polished. # 17th October 2010, 12:15 am

Why do some websites implement their logout link as a form post via JavaScript versus a plain old GET request?

Probably because if you implement logout as a GET action, I can force you to log out of a site by tricking you in to visiting a page with an <img src="http://yoursite.com/logout/" width="1" height="1"> element on it.

[... 64 words]

JS had to “look like Java” only less so, be Java’s dumb kid brother or boy-hostage sidekick. Plus, I had to be done in ten days or something worse than JS would have happened.

Brendan Eich # 16th October 2010, 8:25 am

Annotated backbone.js. Literate programming. # 13th October 2010, 5:24 pm

Backbone.js. As should be expected for a DocumentCloud project, Backbone is a concise, elegant and educational take on the JavaScript MVC pattern. Depends on Underscore.js and plays well with jQuery. # 13th October 2010, 5:23 pm