Monthly Archives: October 2009

jQuery 1.4 Preview

Posted on by No Comments ↓

I just found this preview of jQuery 1.4. I read some of this stuff at the jQuery site, but this is a nice explanation of the proposed functionality of the next major version of jQuery.

I think the new ‘live’ event handlers are going to be great. I can’t stress how much the ‘live’ method has helped my JavaScript development – it makes event binding much less of a chore when dynamically creating page content (especially for trivial things, like bindings for button hover behavior). One of the things I’ve disliked, though, is the change event of dropdowns isn’t able to be live captured, which has led me to use Live Query for those purposes. With 1.4, it can be done with jQuery alone.

It will certainly be interesting to see if the Lazy Load code is included, for on-the-fly .css and .js includes. By conditionally loading javascript and css, a lot of bandwidth could be conserved by choosing to defer file retrieval for little-used site features.

Some of the other cool new features will undoubtedly be radio classes and the offset get/set methods – I can see using those to save a few lines of code. I’m betting that there will also be some performance increases with 1.4, so I’m excited about the release, even if it’s release is still a few months off yet.

Cross Domain AJAX with CSSHttpRequest

Posted on by No Comments ↓

Normally, AJAX is limited to retrieving data on the same domain that served the page. This is a limitation of the XMLHttpRequest, done mostly for security purposes. There are several ways to get around this limitation, of course, using a variety of methods and techniques. This is one of the stranger that I’ve come across – CSSHttpRequest.

Essentially, this small JavaScript library exploits the fact that CSS stylesheets are not subject to the same domain policy, which enables cross-domain POST requests for .css files. This allows you to pull CSS rules from remote domains – rules that contain name-value pairs embedded in valid CSS styles. The particular technique used is to return name-value pairs in background url fields for fake style rules, as such:

#c0 { background: url(data:,Hello%20World!); }

The client-side applies these style rules when they return from the remote domain, then JavaScript is used to read the property values and turn them into essentially JSON data ready for client consumption.

Of course, there’s a reason that the same origin policy is enforced. Normally, resources on the same domain are considered trusted, while external resources are not. With a library like this, essentially, if you’re vulnerable to JavaScript injection, there’s not much you can do to keep someone from embedding CSSHttpRequest on your page then using it to pull content from a remote domain. Nasty trick, but it’s totally possible and even trivial to some extent.

There are certainly legitimate reasons to need cross-domain AJAX. However, I wouldn’t think to use such a technique on a public site – it has the feel of a hack since (AJAX isn’t supposed to cross domains, after all), and the potential erosion of public trust is not worth the benefits. As an exercise of an interesting technique, it’s very cool, though.

Google Chrome Frame – Webkit in IE

Posted on by No Comments ↓

Steve Ballmer has, in the past, stated that he would be open to the idea of Internet Explorer dropping the Trident rendering engine in favor of the open-source Webkit. I, for one, would love it if this happens – Trident is the bane of web developers around the world. Simply stated, it is holding the web back from it’s true potential. Well, it looks like Google has done the work for Microsoft, with Google Chrome Frame for IE.

Essentially, Chrome Frame replaces all of the guts of IE with Chrome technologies. This extends beyond the rendering engine – it replaces the JavaScript engine as well, and whatever other parts needed swapping out. Using Chrome Frame, IE can immediately start to render HTML5 (canvas, audio, video), CSS3, and more. Even better, under Chrome Frame, all IE rendering quirks would cease to be an issue. Oh yeah, and it also makes IE faster – ten times faster for JavaScript performance, even in this beta stage.

To utilize Chrome Frame on your site, all that is needed is a single meta tag – if Chrome Frame is installed, IE will use it, and if not, the page will still render. This is very nice, unobtrusive behavior indeed.

<meta http-equiv="X-UA-Compatible" content="chrome=1">

Google developed Chrome Frame primarily for their upcoming Google Wave communication software. It probably became quickly evident to Google that they would never be able to offer the rich functionality that Wave requires under IE. I would expect that the release of Chrome Frame is ruffling some feathers at Microsoft – Google seems to be getting on the nerves of some it’s major tech competitors lately using similar tactics. Still, it’s hard to see how consumers lose with this move – to some extent, it’s the best thing that could happen to Internet Explorer.