Web Info & Tutorials

WebKit keeps chugging away. I hear more and more developers talking about how they use Firefox for Firebug debugging, and WebKit nightly for browsing as it is so fast. In mobile, WebKit had another win as you get it with Android.

If you take a look at this video, 3:00 minutes in, you will see WebKit on Android. It looks similar to the iPhone implementation, with the touch screen interface and all. There is also hardware zooming on that particular phone (Android isn’t about one phone, it is an open mobile platform).

More on devphone.

Chris Chabot has been doing a lot of experimentation with the new OpenSocial APIs. He has written up his experience and created two prototype wrappers.

The first short article has some general information and background.

The second article includes the first library you can tell to load (owner, viewer, ownerFriends and/or
viewerFriends) information, and presents this information in an uniform way (instead of having to do different type of calls for different information fields) and with proper consistent error handling. With it you can very easily create your first OpenSocial container application in a friendly prototype style environment. You can take a direct look at the library itself.

The third article contains a Ajax.Request implementation, since Prototype’s version won’t work well or even at all in the cross domain environment of open social containers, it allows you to re-use your current Prototype based programs by trying to mimic Prototype’s Ajax call as well as possible given the constraints of the situation. Under the hood, _IG_FetchContent is used to talk back to the server.

It is good to see people take the raw APIs and make them feel more like their library of choice.

We talked most the newborn Google Caja send which tries to attain JavaScript safer by processing it and swing it in namespace sandboxes.

Now, Ben Laurie of Google comes discover and talks most it. There is a spec:

Using Caja, scheme apps crapper safely earmark scripts in ordinal band content. The machine business has exclusive digit momentous success sanctioning documents to circularize astir noesis safely: scripts in scheme pages. Normal users regularly feeding untrusted sites with Javascript overturned on. Modulo application bugs and phishing, they mostly rest safe. But add though scheme apps physique on this success, they change to wage its power. Web apps mostly vanish scripts from ordinal band content, reaction noesis to supine data. Examples allow webmail, groups, blogs, chat, docs and spreadsheets, wikis, and more; whether from Google, Yahoo, Microsoft, HP, Wikipedia, or others. Were scripts in an object-capability language, scheme apps could wage astir noesis safely, simply, and flexibly. Surprisingly, this is doable within existing scheme standards. Caja represents our brainstorm that a subset of Javascript is an object-capability language.

In Ben’s words:

I’ve been streaming a aggroup at Google for a patch now, implementing capabilities in Javascript. Fans of this journal module advert that daylong past I did a thing titled CaPerl. The intent in CaPerl was to make a slightly restricted edition of Perl into Perl, enforcing aptitude section in the process.

Caja follows a kindred path, eliminate kinda than add Javascript, we limit it to a super subset. This effectuation that a Caja information module separate without change on a accepted Javascript intermediator - though it won’t be secure, of course! When it is compiled then, same CaPerl, the termination is accepted Javascript that enforces aptitude security. What does this mean? It effectuation that Web apps crapper embed untrusted ordinal band cipher without anxiety that it strength cooperation either the application’s or the user’s security.

Caja module be unstoppered source, low the Athapascan License. We’re ease debating whether we module modify our existing cipher for this as a play point, or whether we poverty to verify a assorted approach, but in whatever case, there’s plentitude to be done.

Although the place has been up for a while, I was reluctant to speech most it until there was whatever artefact for you to be involved. Now there is - we hit a public transmitting list. Come along, feature the docs (particularly the Halloween edition of the spec) and tie in the discussions. I’m rattling agog most this send and the status of whatever concern collection aptitude experts, including Mark Miller (of E fame) who is a full-time member of the Caja utilization team.