Web Info & Tutorials

November 7th, 2006

DOM EVENTS IN THE MICROSOFT AJAX LIBRARY FORMERLY KNOWN AS ATLAS

Evil Microsoft. The client-side DOM event model in Atlas (ASP.NET Ajax Extensions) was the IE model. Atlas implemented this model for the other browsers to make it work, and many didn't like this.

This has now all changed and a new API is in town.

The new model for DOM events is thus introducing a new API, but at least it's closely modeled after the standard APIs so it should feel pretty familiar. There are many differences in the implementations of DOM events that we needed to abstract. The first one is in the names of the methods that you call to add an event. In standard browsers, you use add/removeEventListener, in IE it's attach/detachEvent. The event names themselves are different: "click" is "onclick" in IE. Then, you have to abstract the signature of the event handlers themselves: in IE the parameters come from the global window.event object, in other browsers they are passed as a parameter. Finally, the contents of the event parameter object are themselves widely divergent from one browser to the other: mouse buttons don't have the same values for example, and some very useful stuff like mouse positions is missing altogether from the standard.
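The differences listed above (method names, the "on" prefix, window.event, mouse button values) can be seen in a small shim. This is an added example, not the Microsoft Ajax Library's code; addHandlerCompat, normalizeEvent and fakeElement are hypothetical names, and the fake elements are constructed so it runs outside a browser.

```javascript
// Added example; addHandlerCompat, normalizeEvent and fakeElement are hypothetical names.
const MouseButton = { leftButton: 0, middleButton: 1, rightButton: 2 };
// Build one event shape regardless of which browser model produced the raw event.
function normalizeEvent(raw, ieModel) {
  let button = raw.button;
  if (ieModel) {
    // Legacy IE reports a bitmask: 1 = left, 2 = right, 4 = middle.
    button = raw.button === 4 ? MouseButton.middleButton
           : raw.button === 2 ? MouseButton.rightButton
           : MouseButton.leftButton;
  }
  return { type: raw.type, target: ieModel ? raw.srcElement : raw.target,
           button: button, keyCode: raw.keyCode, rawEvent: raw };
}

// Registers the handler and returns a function that removes it again.
function addHandlerCompat(element, eventName, handler, win) {
  if (typeof element.addEventListener === "function") {
    const wrapped = (e) => handler.call(element, normalizeEvent(e, false));
    element.addEventListener(eventName, wrapped, false);
    return () => element.removeEventListener(eventName, wrapped, false);
  }
  // IE model: "on"-prefixed name, and the event comes from the global window.event.
  const wrapped = () => handler.call(element, normalizeEvent(win.event, true));
  element.attachEvent("on" + eventName, wrapped);
  return () => element.detachEvent("on" + eventName, wrapped);
}

// Constructed stand-in for a DOM element in either model, so this runs outside a browser.
function fakeElement(ieModel, win) {
  const h = {}, add = (n, f) => { h[n] = f; }, del = (n) => { delete h[n]; };
  const fire = (n, e) => { if (ieModel) win.event = e; if (h[n]) h[n](ieModel ? undefined : e); };
  return ieModel ? { attachEvent: add, detachEvent: del, fire }
                 : { addEventListener: add, removeEventListener: del, fire };
}

// The same handler sees the left button as 0 under both models.
function demo() {
  const seen = [], win = { event: null };
  const std = fakeElement(false, win), ie = fakeElement(true, win);
  const handler = (e) => seen.push(e.type + ":" + e.button);
  addHandlerCompat(std, "mousedown", handler, win);
  const remove = addHandlerCompat(ie, "mousedown", handler, win);
  std.fire("mousedown", { type: "mousedown", button: 0 });
  ie.fire("onmousedown", { type: "mousedown", button: 1 });
  remove();
  ie.fire("onmousedown", { type: "mousedown", button: 1 }); // handler already removed
  return seen;
}
```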

To wire up events, you now write:

// register a handler (shortcut for Sys.UI.DomEvent.addHandler)
$addHandler(myDomElement, "click", someFunction);

// Enums in event handlers
function myClickHandler(e) {
  if (e.button === Sys.UI.MouseButton.leftButton) {
    //...
  }
}

function myKeyUpHandler(e) {
  if (e.keyCode === Sys.UI.Key.enter) {
    //...
  }
}
 

There are also some other new features, such as helpers to make component developers' lives easier.

For example, an accessible hover behavior might want to subscribe to mouseover, mouseout, focus and blur. To do that, you'd typically create delegates to your handlers and then wire up these delegates to the DOM events one by one. From your "dispose" method, you'd also have to remove those handlers one by one and get rid of the delegates. Seeing that this pattern was repeated over and over again in almost any control or behavior sample, we decided to add helpers to batch those operations. So here's how you would wire up all those events:

$addHandlers(this.get_element(), {
  mouseover: this._onHover,
  mouseout: this._onUnhover,
  focus: this._onHover,
  blur: this._onUnhover
}, this);
 
November 7th, 2006

ADOBE OPEN SOURCES JAVASCRIPT ENGINE IN MOZILLA FOUNDATION

This is huge news. Adobe and the Mozilla Foundation announced that Adobe has contributed source code from the ActionScript Virtual Machine to the Mozilla Foundation:

Mozilla will host a new open source project, called Tamarin, to accelerate the development of this standards-based approach for creating rich and engaging Web applications.

The Tamarin project will implement the final version of the ECMAScript Edition 4 standard language, which Mozilla will use within the next generation of SpiderMonkey, the core JavaScript engine embedded in Firefox®, Mozilla’s free Web browser. As of today, developers working on SpiderMonkey will have access to the Tamarin code in the Mozilla CVS repository via the project page located at www.mozilla.org/projects/tamarin/. Contributions to the code will be managed by a governing body of developers from both Adobe and Mozilla.

“Adobe’s work on the new virtual machine is the largest contribution to the Mozilla Foundation since its inception,” said Brendan Eich, chief technology officer, Mozilla Corporation, and creator of JavaScript. “Now web developers have a high-performance, open source virtual machine for building and deploying interactive applications across both Adobe Flash Player and the Firefox web browser. We’re excited about joining the Adobe and Mozilla communities to advance ECMAScript.”

“This is a major milestone in bringing together the broader HTML and Flash development communities around a common language, and empowering the creation of even more innovative applications in the Web 2.0 world,” said Kevin Lynch, senior vice president and chief software architect at Adobe. “By working with the open source community we are accelerating the adoption of a standard language for creating and delivering richer, more interactive experiences that work consistently across PCs and mobile devices.”

The latest VM from Adobe is a fantastic JIT engine that screams on recent benchmarks. Joining that team with the Mozilla team is going to lead to a fantastic VM inside Firefox.

Congrats to all involved!

November 7th, 2006

AJAX AND SECURITY - DISCUSS

Often when you hear discussions regarding Ajax and security, it's said that the issues remain the same as they were ten years ago: don’t trust user input, don’t send sensitive data without encryption, code for security from day one, never display system error messages, etc. While that is all true and good, one comment I heard from the Ajax Experience that stuck with me is that “ajax increases the surface area of attack vectors”. We are hitting the server more often, with different transports, and often talking to remote servers as well for services. This will only become a bigger issue as cross-domain ajax becomes more prevalent and libraries and tools make it easier to mash things up without having to know each individual service's API. Do the developers you work with keep up to date on writing secure code? Have you seen your ajax app exploited by cross-site scripting attacks or sql injection, or do you consider things “safe” because you are only doing intranet work?

With that in mind, Michel Sutton’s post on ten common security mistakes might be a good refresher. His earlier post on SQL injection is also worth a read, especially if you are hand-coding sql and aren’t using a database library that handles parameterized SQL statements for you (though if that's the case you might have bigger issues…)

Recently I went looking for an authoritative book on web app security for some fun-filled weekend reading, and came up with very few hits. The closest I found was How to Break Web Software and Hacking Exposed Web Applications, Second Edition. How to Break Web Software has a bunch of good reviews and looks to be a good general overview of some of the common attacks. Hacking Exposed is a bit newer and has fewer reviews, though the first edition looked to be pretty well received. That title and cover are pretty painful, though. Is there an equivalent to the K&R C Book for web app security?

There are a ton of books on computer security and locking down your OS, but not much that targets web applications specifically. Any other good suggestions? Any web security blogs worth subscribing to?
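The rules named at the start of this post (untrusted input, parameterized SQL, no system error messages to the caller), applied to one server-side Ajax endpoint. This is an added example, not code from the post or from any library: handleUserLookup, makeStubDb, the db.query(text, values) interface, the "?" placeholder style and the table and column names are all assumptions.

```javascript
// Added example; handleUserLookup, makeStubDb and db.query(text, values) are assumptions.
let refCounter = 0;

// Server-side handler for an Ajax request such as GET /user?id=42.
// `params` is the parsed query string; everything in it is untrusted.
function handleUserLookup(params, db, log) {
  // 1. Don't trust user input: accept only a short run of digits.
  const id = String(params.id === undefined ? "" : params.id);
  if (!/^[0-9]{1,9}$/.test(id)) {
    return { status: 400, body: { error: "invalid id" } };
  }
  try {
    // 2. Parameterized statement: the SQL text is constant, the value travels separately.
    const rows = db.query("SELECT id, display_name FROM users WHERE id = ?", [Number(id)]);
    if (rows.length === 0) return { status: 404, body: { error: "not found" } };
    return { status: 200, body: { id: rows[0].id, name: rows[0].display_name } };
  } catch (err) {
    // 3. Keep system error detail on the server: log it, return only a reference.
    const ref = "err-" + Date.now().toString(36) + "-" + (++refCounter);
    log(ref + " " + err.message);
    return { status: 500, body: { error: "internal error", ref: ref } };
  }
}

// Constructed stand-in for a database layer; records what it was asked to run.
function makeStubDb(rows, failWith) {
  const calls = [];
  return {
    calls: calls,
    query(text, values) {
      calls.push({ text: text, values: values });
      if (failWith) throw new Error(failWith);
      return rows.filter((r) => r.id === values[0]);
    }
  };
}
```

The response body for a failed query carries only the reference; the driver's message stays in the server log, where it can be matched by that reference.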