Raleigh, North Carolina, is stuck in the midst of a snow storm. By my standards this is not a snow storm but rather a minor irritation. But since everything is shut down I decided to create a new blog theme. I had a few hours to kill and it seemed like a good idea, actually it was. I popped open my favorite IDE and started writing CSS, in about an hour I had come up with a theme and the general look and feel; which is what you are looking at right now. I know there are a lot of little things left to do, there always is when creating a theme, but hey… there is always tomorrow since we are snowed in. Check out the before picture… (more…)
Javascript and Cross Domain Scripting Solution From Mozilla
A friend recently passed a long an article found on slashdot regarding XSS, and for more information I visited the Mozilla Blog that discusses this concept in greater detail. In an effort to save time I will summarize the articles as this, you will not be able to use in-line javascript, inline event handlers, or load javascript from unapproved domains. Basically, you will need to have all your javascript loaded in external js files, and then create a policy that allows the js to be loaded by a domain. Now after reading these articles, and mulling the concept over for a few minutes, a few things came to mind.
The amount of legacy code that produces inline javascript, or inline event handlers, etc..
The amount of time to refactor this code, and I am referring to enterprise applications not your Mom’s blog.
A way to move developers towards unobtrusive javascript, i.e. adding event handlers through script and not putting them directly into the html markup. This is a positive as markup is markup.
With this approach would the need for Javascript micro-architectures arise? Think PureMVC and Cairongorm for Flex. After all we are already using javascript application frameworks, shouldn’t we have some architectural frameworks for html/css/javascript clients?
Overall I am not to0 concerned with the implications of the concept presented by Mozilla. I feel that in the end it will make developers realize that there are some fundamental shifts needed in the client side development arena that go beyond creating the next cool javascript widget or library.
XSS is a real threat and by attempting to solve this issue we may all have to create a better architecture for our clients.
Summary
Adrian Pomilio -
Software Developer, User Experience Developer, and Adobe User Group Manager
Previous Speaking Engagements
Categories
- Beyond the Interface (2)
- RESTful (2)
- Blog (31)
- Book Reviews (4)
- CMS Themes (1)
- Comic Ads and Art (2)
- Conferences (2)
- Flash Platform (27)
- Actionscript (10)
- Air (4)
- Flex (26)
- Groovy and Grails (3)
- HTML/CSS/Javascript (9)
- Ajax (6)
- CSS (3)
- HTML (2)
- Javascript (7)
- Mac Tips (1)
- Tech Opinion (3)
- User Experience (2)