07 May

Line Clampin’ | CSS-Tricks

You want X lines of text. Anything after that, gracefully cut off. That’s “line clamping” and it is a perfectly legit desire. When you can count on text being a certain number of lines, you can create stronger and more reliable grids from the elements that contain that text, as well as achieve some symmetric aesthetic harmony.

There are a couple of ways to get it done, none of them spectacular.

If you are doing Web Design/Development full-time and aren’t reading CSS-Tricks, you really should be. Awesome little tricks like this one.

06 Feb

Tinycon – Favicon Alerts

Tinycon allows the addition of alert bubbles and changing the favicon image. Tinycon gracefully falls back to a number in title approach for browsers that don’t support canvas or dynamic favicons.

Alerts in the favicon allow users to pin a tab and easily see if their attention is needed.

via GitHub – Tinycon. Pretty sure I could count the times I actually looked at a favicon alert on one hand. That being said, nice work.

15 Jan

wingolog – Javascript eval Considered Crazy

What can an engine do when it sees eval?

Not much. It can’t even prove that it is actually eval unless eval is not bound lexically, there is no with, there is no intervening non-strict call to any identifier eval (regardless of whether it is eval or not), and the global object’s eval property is bound to the blessed eval function, and is configured as DontDelete and ReadOnly (not the default in web browsers).

But the very fact that an engine sees a call to an identifier eval poisons optimization: because eval can introduce variables, the scope of free variables is no longer lexically apparent, in many cases.

I’ll say it again: crazy!!!

via wingolog – Javascript eval Considered Crazy. No matter how crazy and unsafe you consider eval, this is just going to scare you a little more.
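
The scoping behaviour the excerpt describes, as an added example (not code from wingolog or from this blog): a direct `eval` call can introduce a variable into its caller's scope and read the caller's locals, while strict-mode and indirect `eval` cannot. The function bodies, variable names and source strings are constructed for the illustration; the bodies are built with the `Function` constructor so they are sloppy-mode unless they opt in to strict mode, whatever mode this file is loaded in.

```javascript
// Added example: how one eval call changes what a free variable refers to.
// Functions made by the Function constructor close over the global scope only,
// so the free variable `x` in their bodies starts out meaning globalThis.x.

function runCases() {
  globalThis.x = "global";            // constructed sample binding
  const src = "var x = 'injected'";   // constructed string handed to eval

  // 1. Sloppy direct eval: `var x` is declared in the caller's own scope, so
  //    the free variable `x` no longer resolves to the global binding.
  const sloppyDirect = new Function("src", "eval(src); return x;")(src);

  // 2. Strict direct eval: the declaration stays inside the eval code and
  //    `x` keeps its lexically apparent meaning.
  const strictDirect =
    new Function("src", "'use strict'; eval(src); return x;")(src);

  // 3. Direct eval sees the caller's locals.
  const directRead =
    new Function("src", "var secret = 'local'; return eval(src);")("typeof secret");

  // 4. Indirect eval, written (0, eval)(...), runs in global scope: the
  //    caller's locals are invisible to it...
  const indirectRead =
    new Function("src", "var secret = 'local'; return (0, eval)(src);")("typeof secret");

  // 5. ...and its `var` writes the global binding, not the caller's local.
  const indirectLocal =
    new Function("src", "var x = 'local'; (0, eval)(src); return x;")(src);
  const globalAfter = globalThis.x;

  delete globalThis.x;                // clean up the sample global
  return { sloppyDirect, strictDirect, directRead, indirectRead,
           indirectLocal, globalAfter };
}

console.log(runCases());
```

Cases 1 and 3 are why a direct `eval` over a string that is not fully trusted exposes the surrounding function's state, and why a reviewer cannot tell what `x` refers to without knowing the string's contents.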

14 Nov

Analyzing Network Characteristics Using JavaScript And The DOM, Part 1

In this article, we’ll look at some methods of manipulating JavaScript to determine various network characteristics from within the browser — characteristics that were previously available only to applications that directly interface with the operating system. Much of this was discovered while building the Boomerang project to measure real user performance.

via Analyzing Network Characteristics Using JavaScript And The DOM, Part 1. Pretty sure I would never have thought of attempting to measure the speed of the TCP packets with JavaScript. I’ve done it a few times with C for a class; Atwood’s Law in effect, I guess.

09 Nov

Mozilla Popcorn – Making video work like the web

Popcorn makes video work like the web. We create tools and programs to help developers and authors create interactive pages that supplement video and audio with rich web content, allowing your creations to live and grow online.

via Mozilla Popcorn – Making video work like the web. The video at the link makes it a little bit clearer. The concept is basically at points in the video you can load in data from the web about the video or what’s shown in the video from Twitter, Wikipedia, Google Maps and other stuff.

02 Nov

ExtremeTech – Mozilla puts Firefox on a memory diet

Firefox’s single largest consumer of RAM, its JavaScript engine SpiderMonkey, is going on the mother of all diets. At any one time, SpiderMonkey’s memory footprint can be over 50% of Firefox’s total usage — the JavaScript on the ExtremeTech homepage, for example, uses no less than 115MB of memory — and slipstreaming SpiderMonkey is by far the best change that Mozilla can make to keep Firefox on the desktop svelte and competitive with Chrome and IE, and Firefox on Android less sluggish.

If you’re not a programmer, you should probably skip this paragraph. Basically, almost every fundamental part of SpiderMonkey is being torn apart, turned over in the hands of Mozilla’s finest engineers, and rejigged to use less memory. JSObject is being cut in half, and thus JSFunction will also be slimmed down. Slots arrays will have the option of being 32-bit, rather than forcibly being constructed of 64-bit “fatvals.” Shapes, one of SpiderMonkey’s most important data structures, are going to be almost halved in size. Mozilla is currently looking into whether scripts can be “lazily loaded,” too — as much as 70-80% of all downloaded JavaScript is never executed, and so it makes no sense to load it into memory; lazy loading, where scripts are loaded as-needed, would significantly reduce memory usage.

via ExtremeTech – Mozilla puts Firefox on a memory diet. I still use Firefox as my main browser but this is a needed improvement. Hopefully, Mozilla is successful with their improvement.

07 Sep

GitHub – davatron5000/FitVids.js

A lightweight, easy-to-use jQuery plugin for fluid width video embeds.

FitVids automates the Intrinsic Ratio Method by Thierry Koblentz to achieve fluid width videos in your responsive web design.

via GitHub – davatron5000/FitVids.js. Pretty cool, not something I personally would need often but still useful.

18 Aug

Neal Poole – Cross-Site Scripting via Error Reporting Notices in PHP

A PHP application that displays error reporting notices and contains specific code patterns may be vulnerable to a cross-site scripting attack. I’ve confirmed this issue on PHP 5.2.17 and a snapshot of PHP 5.4 (I assume it affects other versions of PHP as well). This issue was filed as Sec Bug #55139 back in July, but it was recently closed as “bogus” by a member of the PHP team, making the report public.

When display_errors is enabled and a PHP notice is generated, none of the text of the notice is HTML-encoded. That means if an attacker can control part of the notice text, they can inject arbitrary HTML and JavaScript into the page. Certain specific coding patterns make such an attack possible.

via Neal Poole – Cross-Site Scripting via Error Reporting Notices in PHP. Though to be fair you probably shouldn’t be using display_errors in a production site.