ACID 3 AND THE FUTURE OF MEMORY LEAKS
John Resig has a couple of interesting posts on Acid 3 and memory leaks.
Firstly, with Acid 3 hopefully around the corner (but not yet ready!), John takes a look at the JavaScript side of the equation:
- Array Elisions - Making sure that stuff like
[,,]doesn’t have a length and[0,,1]has a length of 3. - Array Methods - Doing an unshift with multiple arguments
.unshift(0, 1, 2), joining with an undefined argument.join(undefined). - Number Conversion - Banging against
.toFixed(),.toExponential(), and.toPrecision()- especially with decimals and negative numbers. - String Operations - Negative indicies in substr
.substr(-7, 3), character access by index"foo"[1](part of the ECMAScript 4 spec). - Date - Making sure that certain method calls result in NaN results (like
d.setMilliseconds(), with no arguments) and also enforcing +1900 year offsets. - Unicode in Identifiers - You can’t use escaped Unicode in identifiers, for example:
eval("test.i\\u002b= 1;");(that should throw an exception). - Regular Expressions -
/[]/matches an empty set,/[])]/should throw an exception, backreferences to non-existent captures, and negative lookaheads/(?!test)(test).exec("test test"). - Enumeration - Make sure that object properties are enumerated in the correct order, make sure that you’re able to enumerate properties of certain names (toString, hasOwnProperty, etc.).
- Function Constructors - The user should be able to set custom constructors on the
.constructorproperty,.constructorshould not be enumerable, and.prototype.constructorshould be deletable. - Function Expressions -
(function test(){ ... })();You should be able to call the function by name, within the function itself, you can’t directly overwrite the function name (only with a function-scoped variable), and ‘test’ isn’t leaked into the parent scope. - Exception Scope - Variables within the
catch(){}should interact with the catch arguments primarily, followed by variables in an outer scope. - Assignment Expressions -
s = a.length = "123";- a.length has a return value of 123 (the number) which is assigned to ’s’, rather than the correct result of the string “123″. - Encoding -
encodeURI()andencodeURIComponent()must gracefully handle null bytes.
John then goes on to ask Will Memory Leaks Matter in 2009? where he paints an optimistic picture of the browser space in the future. We can only hope!
UPDATE: Ian has posted about Acid3.
HTML PURIFIER 3.0
HTML Purifier 3.0 has been released.
What is HTML Purifier?
HTML Purifier is a standards-compliant HTML separate accumulation cursive in PHP. HTML Purifier module not exclusive vanish every vindictive cipher (better famous as XSS) with a good audited, bonded still undemanding whitelist, it module also attain trusty your documents are standards compliant, something exclusive realizable with a broad noesis of W3C’s specifications.
What’s newborn in 3.0?
Release 3.0.0 is the prototypal promulgation of 2008 and also HTML Purifier’s first
PHP 5 only release.
The 2.1 program module still
be based for fault and section fixes,
but module not intend newborn features. This promulgation a sort of
improvements in CSS handling, including the filter
HTMLPurifier_Filter_ExtractStyleBlockswhich integrates
HTML Purifier with
CSSTidy for cleanup call sheets
(see the maker cipher enter for more aggregation on usage), contains
empiric hold for
copyrighted CSS properties with %CSS.Proprietary, case-insensitive
CSS properties, and more undemanding hexadecimal colouration codes. Also, every code
has been upgraded to flooded PHP 5 and is
E_STRICTdecent for every versions of PHP 5 (including the
5.0 series, which previously had parse-time errors).
You crapper separate a live demo to wager it at work.