Simon Willison’s Weblog

35 items tagged “mozilla”

Verified cryptography for Firefox 57 (via) Mozilla just became the first browser vendor to ship a formally verified crypto implementation. # 16th November 2017, 2:26 pm

A predictable web of data—the why of YQL. Christian Heilmann is moving from Yahoo! to Mozilla to head up their evangelism team, and has marked the occasion by releasing the first chapter of a proposed book on YQL. # 30th October 2010, 7:44 am

Plugging the CSS History Leak (via) Firefox is fixing the nefarious CSS visited link colour history leak flaw, which currently affects all browsers and allows a malicious site to determine if you have visited a specific site by checking getComputedStyle against a link to that page. It’s an obtrusive but necessary fix—visited link styles will be restricted to colour and border styles (no background images and hence no more checkbox effects since the image request could leak information) and those colours will not be reported via getComputedStyle. I hope other browser vendors follow suit. # 31st March 2010, 8:01 pm

Cache Machine: Automatic caching for your Django models. This is the third new ORM caching layer for Django I’ve seen in the past month! Cache Machine was developed for zamboni, the port of addons.mozilla.org to Django. Caching is enabled using a model mixin class (to hook up some post_delete hooks) and a custom caching manager. Invalidation works by maintaining a “flush list” of dependent cache entries for each object—this is currently stored in memcached and hence has potential race conditions, but a comment in the source code suggests that this could be solved by moving to redis. # 11th March 2010, 7:35 pm

HTML 5 Parsing. Firefox nightlies include a new parser that implements the HTML5 parsing algorithm (disabled by default), which uses C++ code automatically generated from Henri Sivonen’s Java parser first used in the HTML5 validator. # 11th July 2009, 11:36 pm

Codecs for <audio> and <video>. HTML 5 will not be requiring support for specific audio and video codecs—Ian Hickson explains why, in great detail. Short version: Apple won’t implement Theora due to lack of hardware support and an “uncertain patent landscape”, while open source browsers (Chromium and Mozilla) can’t support H.264 due to the cost of the licenses. # 2nd July 2009, 10:16 am

Firefox 3.5 for developers. It’s out today, and the feature list is huge. Highlights include HTML 5 drag ’n’ drop, audio and video elements, offline resources, downloadable fonts, text-shadow, CSS transforms with -moz-transform, localStorage, geolocation, web workers, trackpad swipe events, native JSON, cross-site HTTP requests, text API for canvas, defer attribute for the script element and TraceMonkey for better JS performance! # 30th June 2009, 6:08 pm

python-spidermonkey. A Python to JavaScript bridge using Mozilla Spidermonkey. Expose Python objects to JavaScript, or execute JavaScript from Python. # 14th May 2009, 3:56 pm

Crowbar. Headless Gecko/XULRunner which exposes a web service API for screen scraping using a real browser DOM—just pass it the URL of a page and the URL of a screen scraping JavaScript script (a bit like a Greasemonkey user script) and get back RDF/XML. # 24th January 2009, 11:52 pm

Browser Paint Events. The latest Firefox nightlies include a new MozAfterPaint event which fires after a portion of the page has been redrawn and provides co-ordinates of the affected rectangle. John Resig provides a neat bookmarklet that uses the new event to visualise repainting operations. # 14th October 2008, 1:08 pm

TraceMonkey. Brendan Eich has been preaching the performance benefits of tracing and JIT for JavaScript on the conference circuit for at least a year, and the results from the first effort to be merged in to Mozilla core are indeed pretty astounding. # 22nd August 2008, 11:13 pm

Firefox 3’s password remembering. I’m loving Firefox 3, and the way it does password remembering (with a non-modal toolbar so you can tell if your password worked before deciding to save it) is just one of the major improvements. Opera gets this right as well. # 2nd April 2008, 8:24 pm

Major Update to Prism (via) Mozilla’s site-specific browser tool can now use separate profiles (and hence separate cookie jars) for each instance, making it an excellent tool for protecting yourself against CSRF vulnerabilities in the web applications you rely on. # 10th March 2008, 2:03 pm

<META HTTP-EQUIV=“X-BALL-CHAIN”>. Mozilla hacker Robert O’Callahan discusses the technical implications of freezing copies of older rendering engines, including the increased footprint and the terrifying prospect of documents in different rendering modes communicating through iframes and the DOM. # 22nd January 2008, 6:55 pm

Cross-Site XMLHttpRequest (via) “Firefox 3 implements the W3C Access Control working draft, which gives you the ability to do XMLHttpRequests to other web sites”—you can mark a document as available for cross-domain requests using either an Access-Control HTTP header or an XML processing instruction. # 9th January 2008, 11:57 pm

Prism Prototype Now Available on Mac and Linux. Prism is the new name for Mozilla Webrunner, a toolkit for building native desktop applications on top of the Mozilla technology stack. # 11th November 2007, 10:21 pm

Tabula Fracta. Mozilla hacker Robert O’Callahan offers advice for anyone aiming to create a new rendering engine from scratch. The WHATWG’s work on specifying real-world browser behaviour and error models gets a well deserved mention. # 9th October 2007, 1:20 am

Firefox 3 Antiphishing Sends Your URLs To Google. Stories like this crop up every now and then, but no one ever seems to mention that the Google Toolbar has been doing this since it was released (more than five years ago) provided you have PageRank display turned on. # 25th September 2007, 11:04 pm

Hello JS-CTYPES, Goodbye Binary Components. Mark Finkle is porting Python’s ctypes functionality to the Mozilla platform, to allow binary XPCOM components to be defined in pure JavaScript. # 22nd September 2007, 11:57 pm

HTTPOnly cookie support in Firefox. Five years after the bug was filed, HTTPOnly cookie support has gone in to the Mozilla 1.8 branch. This is a defence in depth feature that has been in IE for years—it lets you set cookies that aren’t available to JavaScript, and hence can’t be hijacked in the event of an XSS flaw. # 6th September 2007, 6:27 am

Why Tamarin instead of... Justification for Tamarin in Mozilla over Mono and the JVM. It mainly comes down to license compatibility and overall size. # 9th August 2007, 12:43 pm

The recent announcement that Mozilla’s next JavaScript engine, Tamarin, will also be a container for functionality written in Python and Ruby (and, one assumes, beyond) is proof that JavaScript is the new Parrot.

Aaron Straup Cope # 29th July 2007, 9:17 pm

Mozilla and IronPython: IronMonkey. Interesting to note that all three new Mozilla projects are being lead by experienced Python developers. # 26th July 2007, 8:07 pm

Brendan Eich: New Projects. Exciting new projects from Mozilla. ActionMonkey is joined by IronMonkey (IronPython/IronRuby on Tamarin) and ScreamingMonkey (Tamarin for IE). Upgrading IE’s JavaScript using the Flash Player as a vector is a game-changing idea. # 26th July 2007, 8:05 pm

ActionMonkey (via) SpiderMonkey + Tamarin = ActionMonkey. New JavaScript engine for Mozilla 2, incorporating code from Adobe’s Open Source ActionScript VM. # 24th July 2007, 3:29 pm

The web can eat toolchain bait like this for breakfast.

Mike Shaver # 11th May 2007, 3:43 pm

Debian GNU/Linux 4.0 released. Includes Iceweasel (Firefox), Icedove (Thunderbird), Iceape (Seamonkey) and Python 2.4.4 as standard. # 8th April 2007, 6:25 pm

Mozilla Gran Paradiso Alpha 3 Release Notes. New features include animated PNGs, <link rel=“offline-resource”> and the HttpOnly cookie flag which indicates that a cookie should not be accessible to script (borrowed from IE). # 25th March 2007, 9:37 pm

opensource @ Joost. Joost is built on top of Mozilla, Redland, SQLite and a bunch of other bits and pieces of Open Source infrastructure. # 12th March 2007, 1:29 pm

VCS Migration: The Hare and the Tortoise. Bazaar and Mercurial compared from the point of view of importing 1 million diffs from Mozilla CVS. Bazaar’s import is more robust but will take more than a month to complete. # 26th January 2007, 11:44 pm