Douglas Crockford

Top Stories by Douglas Crockford

"There is much that is attractive about HTML5," says Douglas Crockford, known to millions of developers as the discoverer of JSON (JavaScript Object Notation), the widely used lightweight data-interchange format. "But ultimately," Crockford continues, "the thing that made the browser into a credible application delivery system was JavaScript, the ultimate workaround tool." The problem is that there is what he calls "a painful gap" in the specification of the interface between JavaScript and the browser. The result? XSS and other maladies. The responsible course of action, Crockford contends, is to correct that defect first before pushing ahead with HTML5. In an email exchange with Jeremy Geelan, here is what Crockford (pictured above) says, in his own words... "The most serious defect in web browsers is the incorrectly named Cross Site Scripting (XSS) vulnerability. XS...

Yahoo!'s Crockford: Browser Sniffing Is "A Bad Practice Inspired by Even Worse Practice"

Douglas Crockford's "Department of Style" Blog: Browser sniffing is a bad practice inspired by even worse practice. In browser sniffing, a program attempts to determine what sort of browser it is dealing with so that it can act accordingly. Sniffing can be done on the server, or by scripts in the browser. When browser sniffing is done badly, it becomes a harsh barrier to innovation. Old applications will refuse to work correctly with new browsers because of assumptions that all future versions of a particular brand of browser will always require the same workarounds, or old applicat...

Douglas Crockford on JavaScript Security: Durable Objects

Yahoo! User Interface Blog: Cooperating applications, such as mashups, must be able to exchange objects with robust interfaces. An object must be able to encapsulate its state such that the state can be modified only as permitted by its own methods. JavaScript’s objects are soft and currently the language does not include any means to harden them, so an attacker can easily access the fields directly and replace the methods with his own. Fortunately, JavaScript provides the means to construct durable objects that can perfectly guard their state by using a variation of the Modul...

JSON: The Data Transport Format of the Stars

JSON is a universal data format. It provides an uncommonly effective bridge for moving data between systems and between languages. It is rendering the X in AJAX superfluous. JSON is also really simple. This talk will spend several seconds to fully explain the entire JSON language. There will also be a first look at a new JSON solution to the Cross Domain Problem. ...

JSLint To Be a Better JavaScript Programmer

Douglas Crockford's Blog: I wrote JSLint to help me to be a better JavaScript programmer. The language is mostly good, but it has lots of kinks and traps. JSLint helps me to stay clear of the bad stuff, which tends to make my programs more robust. One day I got an email from a JSLint user suggesting that JSLint should check for fallthru in switch statements. He argued that unintended fallthrus are a common source of errors. I argued back that sometimes fallthrus are useful, and distinguishing intentional v accidental fallthru was very hard, and the benefits of the intentionals outw...