"There is much that is attractive about HTML5," says Douglas Crockford, known
Notation), the widely used lightweight data-interchange format.
"But ultimately," Crockford continues, "the thing that made the browser into
workaround tool." The problem is that there is what he calls "a painful gap"
result? XSS and other maladies. The responsible course of action, Crockford
contends, is to correct that defect first before pushing ahead with HTML5.
In an email exchange with Jeremy Geelan, here is what Crockford (pictured
above) says, in his own words...
"The most serious defect in web browsers is the incorrectly named Cross Site
Scripting (XSS) vulnerability. XS... (more)
Douglas Crockford's "Department of Style" Blog
Browser sniffing is a bad practice inspired by even worse practice. In
browser sniffing, a program attempts to determine what sort of browser it is
dealing with so that it can act accordingly. Sniffing can be done on the
server, or by scripts in the browser.
When browser sniffing is done badly, it becomes a harsh barrier to
innovation. Old applications will refuse to work correctly with new browsers
because of assumptions that all future versions of a particular brand of
browser will always require the same workarounds, or old applicat... (more)
Yahoo! User Interface Blog
Cooperating applications, such as mashups, must be able to exchange objects
with robust interfaces. An object must be able to encapsulate its state such
that the state can be modified only as permitted by its own methods.
include any means to harden them, so an attacker can easily access the fields
directly and replace the methods with his own.
can perfectly guard their state by using a variation of the Modul... (more)
JSON is a universal data format. It provides an uncommonly effective bridge
for moving data between systems and between languages. It is rendering the X
in AJAX superfluous. JSON is also really simple. This talk will spend several
seconds to fully explain the entire JSON language. There will also be a first
look at a new JSON solution to the Cross Domain Problem.
Douglas Crockford's Blog
is mostly good, but it has lots of kinks and traps. JSLint helps me to stay
clear of the bad stuff, which tends to make my programs more robust.
One day I got an email from a JSLint user suggesting that JSLint should check
for fallthru in switch statements. He argued that unintended fallthrus are a
common source of errors. I argued back that sometimes fallthrus are useful,
and distinguishing intentional v accidental fallthru was very hard, and the
benefits of the intentionals outw... (more)