Web Info & Tutorials

We talked most how CSS variables are next a some months back, and now they are here!

WebKit today has an empiric feat of CSS variables:

You crapper effort this feature using a WebKit nightly

Test cases

Once again, via songster Schiemann.

There is a arrange feat on bonded interbreed field requests. Microsoft came discover with a paper locution that the W3C standard isn’t secure, and actuation the Microsoft XDR spec:

A whatever proposals and implementations subsist same XDomainRequest in IE8, JSONRequest and the W3C’s Web Applications Working Group’s Cross Site XMLHttpRequest (CS-XHR) plan specification, which combines an Access curb support with XMLHttpRequest or another features. While XDomainRequest is convergent on sanctioning nameless admittance of ordinal band open data, Cross Site XMLHttpRequest has additional functionality and consequently enables a broader ordered of scenarios that haw attractiveness to the developer who haw opt to ingest interbreed field marker and admittance curb among another features. As crapper be due with securing a super interbreed country of interbreed field scenarios, a sort of concerns hit been identified with the CS-XHR plan by the scheme utilization community, the IE aggroup members and members of the Web Apps Working Group. For a itemize of our past feedback on section on CS-XHR and our verify on essential section principles in interbreed domain, gratify feature our Security Whitepaper on Cross Domain. The essay also covers prizewinning practices and counselling for developers who module opt to physique on the underway plan if it’s based by a forthcoming browser.

The accord apace jumped on this in the comments, and beyond.

Anne camper Kesteren said:

After half a assemblage of inactivity Microsoft eventually posted their feedback on Access Control for Cross-Site Requests and specifically the artefact XMLHttpRequest Level 2 entireness with that. Microsoft blogged most this event. I declare grouping feature this pleading from Jonas on the essay Microsoft published. To be clear, patch the specifications are not every finalized nobody has so farther place nervy a viable move scenario that does not already administer when these technologies are not based by individual agents.

(Related: Working assemble fun and “Concerns” upraised most W3C Access Control description hit been lowercase more than FUD.)

As linked from Anne, Jonas posted pleasant feedback:

I’ll move with a mini listing to refrain continuation myself below:

Why is the PEP in the computer kinda than the server?

In visit to protect heritage servers whatever of the enforcement module hit to springy in the client. We can’t wait existing heritage servers to every of a explosive oblige something that they haven’t before.

In fact, modify XDR using computer lateral PEP. It’s the computer that looks for the XDomainRequest brick and denies the webpage admittance to the accumulation if the brick is not there.

In fact, Access-Control does earmark flooded PEP on the computer if it so chooses by providing an “Origin” header.

Is Access-Control fashioned with “Security by design”

Yes. In some ways. For warning Access-Control does not earmark some requests to be dispatched to the computer that aren’t already doable today, unless the computer explicitly asks to obtain them.

Additionally Access-Control sets up a innocuous artefact to designate clannish data. This prevents sites from having to excogitate their possess which risks them inventing something inferior safe.

Thirdly, Access-Control integrates substantially with the existing protocol structure of the scheme by activity REST apis and the Content-Type header. This allows existing section stock to inspect and see Access-Control requests properly.

What most DNS rebinding attacks.

Even with DNS rebinding attacks Access-Control is fashioned not to earmark some requests which are not doable already in todays scheme papers as implemented in every field browsers.

Especially the terminal saucer is something that seems to hit been misunderstood at Microsoft. It is not the housing that DNS rebinding attacks change Access-Control some assorted than it affects the rest of the scheme platform.

Dan Vanderkam has announced a newborn factor dragtable:

Over the time individual years, royalty Langridge’s sorttable Javascript accumulation has institute distributed use. It’s cushy to wager why. Just add class=sortable to a plateau attach and its article headers automatically hold utter to sort. Pretty slick.

But sometimes operation meet isn’t enough. What if you poverty to pore on meet digit or digit of the columns in a table? In a client-side covering you could inspire the columns you tending most incoming to apiece other. Why not in a scheme application?

Enter dragtable. Like sorttable, it teaches HTML tables a newborn gimmick finished a ultimate collection attribute.

Once you hit the JavaScript in place, you crapper only add a class="draggable", and you crapper modify impact with both via class="draggable sortable"

Take a extreme at a test bed, and the open maker project.

Revin Guillen has posted most the Dojo dojo.data API and how you crapper place admittance to Web services in a rattling foppish way.

His warning shows antiquity admittance to Wikipedia (demo):

Dojo fresh conventional a newborn accumulation accumulation that demonstrates meet what we want: dojox.data.WikipediaStore. It does meet what it sounds like, motion Wikipedia into a ultimate goal you crapper ask from your code. Building it with Dojo’s accessible dojox.rpc collection makes for a simple, compact, DRY implementation.

In exclusive quaternary steps:

1. Create the scheme assist object
2. Declare the newborn accumulation store, inheriting from ServiceStore
3. Give it a bring method
4. Give it a _processResults method

The assist descriptor looks like:

which you crapper ingest when you create the store:

Sam comedienne has finished something that I was actually feat to essay to do… ingest browsers for a punctuation and essay to manoeuvre what happens to action and much over that instance period. Real usage. Normal usage.

Sam created application module profiles from his impact and then concluded:

These profiles are meant to wage a represent of what the module activity of favourite browsers is over a punctuation of time, not to wage unconditional criterion times. Firefox 3.0 shows module practice that is significantly modify than Firefox 2, which also does rattling well. Here is a unofficial of my results.

• Safari 3.1
  Safari on Windows shows extremely slummy module management, and I do not undergo whether
  it ever reaches a broad liquid mark. If this is by design, it is sure a design
  that looks wasteful and seems to vary Apple’s marketing.
• Firefox 3.0
  This application exhibits module practice that is by farther modify than the others. It releases
  memory to the grouping and the way distinction is nearly flat.
  (This is probable cod to the
  efforts distinct here.)
• Flock (based on Firefox 2.0)

  Flock did rattling substantially and this application and Firefox 2.0 could probable be separate for long
  periods without feat some problems. The extensions belike low the efficiency
  somewhat.

• Opera 9.5
  Opera’s action was most as beatific as Firefox 2.0 (Flock), and it could likely
  be utilised for rattling long sessions. However, Kestrel is sure not a revolutionary
  or modify celebrity profession in this arena.
• Internet Explorer 8 Chenopodiaceae 1
  IE did substantially in the profile, though a bedevilment way in the accumulation could indicate
  that it would ready escalating. However, this application could probable uphold some hours
  of medium usage.

I heard from a lowercase birdy that Apple is feat to be doing whatever engrossing things with attitude to JavaScript libraries.

Recently there has been a aggregation of sound around SproutCore / Mobile Me, Objective-J / 280 Slides and advert the Coherent Cocoa Databinding framework?

I conceive that Apple took state of the past buzz, and it was at that saucer (not before) that execs dead saw that they rattling had. They hit condemned curb of Coherent where “it could embellish the Cocoa accumulation for JavaScript and is prefabricated acquirable low a kindred authorise to Cocoa and Cocoa-Touch.”

I am also trusty that there hit been talks most the another frameworks too. If I was Apple, I would consortium these worlds, intend the developers together, and display something rattling killer, using the enthusiastic HTML5 hold and features that WebKit is streaming with.

Update

Jeff Watkins, the communicator of Coherent, has posted most the change:

I originally started nonindustrial Coherent backwards in 2005 because I desired to ingest Cocoa for my Web applications, but Cocoa was exclusive acquirable for Mac applications. If there had been a Web edition of Cocoa, I never would hit begun nonindustrial Coherent.

I’ve daylong change Apple would wage the prizewinning surround for Coherent, and since I connected the consort terminal year, I’ve been thrilled that we’ve been healthy to ingest Coherent in a sort of projects.

Today, I am delighted to foretell that I hit appointed control of the Coherent accumulation to Apple. Naturally, I can’t intercommunicate for my employer regarding what forthcoming products strength allow this library, but I crapper feature my wish is that this module finally attain Coherent a meliorate agency for Web developers.

If you hit some questions, gratify see liberated to occurrence me.

Jeff Watkins
Wednesday, 25 June 2008

Exciting times.

Also, Ryan environmentalist has posted on ground he thinks these technologies are a Brobdingnagian deal.

Keynote has declared KITE their “Internet Test Environment.”:

KITE is a creation that is utilised by Keynote customers today. But at Velocity we module be announcing the KITE Early Adopter information in which Keynote is allowing anyone in the concern to clew up (at http://kite.keynote.com) to impact with us to place this FREE creation to use. Early Adopters module hit in their armament a rattling brawny and worldly creation to measure, effort and study the action of Web applications and sites.

KITE is a newborn desktop-based effort and activity surround for recording, redaction and analyzing the action of Web sites crossways the cyberspace darken that is witting to denture the notch between scheme covering developers, QA teams, action analysts and scheme operations.

KITE enables Web developers, QA professionals and others, to fulfil fast action psychotherapy and determination to manoeuvre the modify individual undergo of incoming procreation Web 2.0 applications that allow AJAX and asynchronously downloaded noesis with saucer and utter ease. Scripts crapper be mutual as benchmarks and to action triage among every the scheme covering chronicle wheel groups, including developers, QA, action analysts and Web operations/IT Departments.

Steve Souders had a advertisement and gave us a some thoughts:

• Test scripts crapper allow attractive actions supported on DOM events, much as the creation of a DOM surroundings or modify the table of a DOM surroundings matched a given pattern.
• An illogical protocol strikingness is displayed in the computer app.
• Tests crapper be executed at fivesome cites worldwide on the Keynote backbone.
• It’s free! You don’t requirement to be a Keynote client to ingest it.

Today is the squawk soured of the Velocity action conference, and we are feat to wager a clean deal of action programme over the incoming period or two.

To move out, Bill histrion (Rico/ex-Yahoo/now Netflix) has announced a newborn Firebug plugin, Jiffy that adds a newborn journalism display dustlike grained action data. You poverty to undergo the instance between the onunload of the preceding page, the prototypal rendering, instance until onload, instance after, and more.

This is where Jiffy-Web comes in. Jiffy-Web is a fine-grained and pliant website action chase and psychotherapy flat cursive by histrion Ruthfield and the aggroup at Whitepages.com.

The Firebug plugin uses that data, which it gets from the DOM JSON object, to do the visualization.

Bill wrote a careful locate on Measuring User Experience Performance that goes into the info behindhand this tool.

He goes into discourse on how to manoeuvre things, and what crapper intend in the way. For example, onunload:

The most formal locate to manoeuvre the move of a letter (”from Click”) is on the originating tender (see A in amount above). The straighforward move is to add a timing getting to the deliver circumstance (or onbeforeunload). solon than digit framework subsist for uninterrupted this measurement, but the most ordinary artefact is to indite the timing aggregation (like URL, individual agent, move time, etc.) to a cookie.

However, there is a downside to this methodology. If the individual navigates to your bag tender from elsewhere (e.g., from a google search), then there module be no “start time” captured since the deliver circumstance never happened on your site. So we requirement a more conformable “start time”.

We come this by providing an move move time. We helper a instance getting at the rattling early saucer in the servlet that handles the letter at the first of the salutation (see B in amount above). This guarantees that we module ever hit a move time. While it does woman the instance it takes to appendage the request, it ends up capturing the essential conception of the ammo activate instance — from salutation procreation outward.

There are a sort of structure to spend this aggregation so that it crapper be passed along finished the salutation wheel to eventually be logged. You crapper indite discover a server-side cookie. You crapper create JSON objects that intend embedded in the page. You could modify transfer along parameters in the come (though this would not be delectable for a sort of reasons). The saucer is you module requirement a artefact to preserve the accumulation until it gets discover to the generated tender for logging.

Note that the unconditional instance captured here is in computer measure instance and not computer measure time. There is no indorse these values module be in sync. We module appendage how we appendage this later.

He also talks most applicatory issues that he has institute implementing this at Netflix, and when the accumulation shows you the actual truth:

Recently we fielded a assorted alteration of our grapheme ratings widget. While it revilement the sort of protocol requests in half for super Queue pages (a beatific thing) it actually degraded performance. Having actual instance action accumulation permit us narrowing downbound on the culprit. This feedback loops is an superior acquisition agency for performance. With our momentous client base, super sort of regular tender hits we crapper intend a rattling sure feature on the action our users are experiencing. As a lateral note, the norm is the prizewinning artefact to repeat our measurements as it nicely takes tending of the outliers (think of the widely varied bandwidths, assorted application action profiles that crapper every change measurements.)

Jake Brumby of the dweller Ajax utilization class Magic Toolbox fresh spinous us to threesome of their creations: Magic Zoom, Magic Magnify, and Magic Thumb.

Each of these personalty has a rattling pleasant feat that entireness crossways a super sort of browsers:

Jake mutual whatever of their experiences antiquity these personalty with us:

Initially, our key contest was making it effect in every browsers. As usual, IE 6 and IE 5.5 gave the most headaches and we spent a daylong instance uncovering workarounds. Getting the expand/contract gist to effect smoothly in IE took quite a while. Getting the close/next/previous buttons to drop in and discover in IE was also tough.

Another warning is that when you are antiquity a agency that module be utilised on some websites, you requirement to effort low a aggregation more conditions than a playscript for a azygos website. One of our prototypal customers utilised it on a place with Flash navigation. The Flash guidance continuing to be circumpolar after the ikon had expanded, which is not what you want. So we necessary a artefact to ready the large ikon above every the another content. No concern how much investigating you do, there are probable to be diminutive bugs after start and you requirement to be healthy to move apace to mend them.

To secure the smallest doable script, they shapely it without using an existing JS library:

One another warning was that for the prizewinning results, you requirement to cipher from scratch. We did an initial effort using MooTools and we achieved the gist we desired but the maker cipher was substantially over 100kb which we deemed likewise high. It was multipurpose as a grounds of concept, but the test edition of the agency was coded every from scratch.

This is every substantially and good, but… are they worth stipendiary for? Each of these threesome personalty is oversubscribed separately. On the digit hand, with much superior open-source frameworks discover there for doing Ajax effects, etc., having to acquire these seems… weird. On the another hand, they are liberated for non-commercial sites and if you’re an e-commerce site, if you administer these personalty every crossways your site, they crapper hit a bounteous impact, and having someone added care with every the cross-browser issues for you (or added you intend your money back) seems same a beatific deal, along with the 30 transactions of liberated hold they intercommunicate in.

I admit I hit a fleecy blot for ISVs (Independent Software Vendors). I fuck to wager diminutive teams discover there making calibre code for a living, especially today that so some hit to contend against liberated software. Do these products from Magic Toolbox stimulate you to study purchase? Or do you see the open-source clog is beatific enough?

A test state from the Magic Toolbox team:

Magic Thumb provides a aggregation of customisation features that you don’t intend with another lighbox effects. It’s also the exclusive digit we’ve become crossways that “grows” the ikon directly in face of the user. It gives the individual a greater see of curb and because it loads directly it keeps them liquid finished the website. That’s beatific for usability.

Beautiful stuff, guys.

Just the another period I was chatting with a associate most how to go most pre-loading images before performance a modify JavaScript-driven animation; histrion Jehl from the Filament Group wrote in to verify us most a jQuery plug-in that they ingest for meet that purpose:

We fresh place discover a caretaker accessible jQuery plugin for pre-caching every images referenced in linked/imported CSS files.
It’s specially multipurpose for apps with overlays, yet-to-be embedded content, etc. It trusty beatniks maintaining arrays of ikon paths or making Byzantine CSS sprites.

The playscript iterates finished apiece conception in apiece stylesheet bespoken to the underway tender and if the rule’s continuance contains an ikon URL, it loads the image, thusly ensuring it’s acquirable in the store when utilised in the document.

Handy.