2009 Nov 23, 12:38Update to SVG Web: "SVG Web is a JavaScript library which provides SVG support on many browsers, including Internet Explorer, Firefox, and Safari. Using the library plus native SVG support you can
instantly target close to 100% of the existing installed web base."
svg development web browser ie firefox safari javascript technical 2009 Nov 20, 7:20I think I'm stuck on the first part of the Ars review "so it has taken the netbook, which was already a crippled notebook, and crippled it even further by removing a ton of flexibility and
functionality". Still conceptually I like the idea and hope they figure out all their use cases.
google chrome video os web browser technical 2009 Nov 20, 3:08"WebKit nightlies now support the HTML5 noreferrer link relation, a neat little feature that allows web developers to prevent browsers from sending the Referrer: header when navigating either anchor
or area elements."
technical html5 html webkit link referer http http-header web browser 2009 Nov 19, 3:46A free tool dynaTrace Ajax provides "full tracing analysis of Internet Explorer 6-8 (including JavaScript, rendering, and network traffic)". Looks pretty too...
ie ie6 ie7 ie8 performance web http html javascript browser technical 2009 Nov 17, 6:52"What if there was a backwards compatible way to transfer all of the resources that are used on every single page in your site — CSS, JS, images, anything else — in a single HTTP request at the start
of the first visit to the page? This is what Resource Package support in browsers will let you do." Another resource packaging implementation but this suggests they'll actually implement this in
FireFox. One issue with all of these is you can't use the resources from the package in any context that didn't ask to use the package for fear of security issues which means you can't stick the
packaged resources in your HTTP cache. The package itself could go in the cache which would mean multiple packages per page or all your page's resources in one package. Of course the same security
issues are a concern for all of the packaging proposals if a site has any way to inject into the source the request for the package. It'd be a similar vector to the UTF7 XSS issues but much worse
attack.
security web browser http zip firefox resource technical via:kris.kowal 2009 Nov 12, 6:28Google to replace HTTP with SPDY?
browser web http spdy google chrome technical 2009 Nov 12, 3:35Presentation comparing the performance of different JavaScript operations on different web browsers. Suggestions cover full range of good to know to common sense to ugly ugly ugly.
via:thefangmonster performance javascript browser web technical tips presentation 2009 Nov 6, 2:34Tetris player AI implemented in JavaScript.
browser web javascript tetris ai via:ethan_t_hein 2009 Nov 3, 1:33'A few hours after that, Tim Berners-Lee responded: I had imagined that figues would be reprented as <a name=fig1 href="fghjkdfghj" REL="EMBED, PRESENT">Figure </a>'. Ohhhh, that would
have been better.
html history mark-pilgrim browser web images technical 2009 Oct 28, 11:02"This session will expose the goodness in JavaScript, an outstanding dynamic programming language. Within the language is an elegant subset that is vastly superior to the language as a whole, being
more reliable, readable and maintainable." Zeke recommended listening to his talks.
google video technical douglas-crockford javascript programming presentation jslint web browser 2009 Oct 7, 8:10Quirksmode does a chart comparing the differences in various versions of WebKit: "There’s iPhone WebKit, Android WebKit, S60 WebKit (at least two versions each), Bolt, Iris, Ozone, and Palm Pre, and
I don’t doubt that I’ve overlooked a few minor WebKits along the way. All 10 mobile WebKits I’ve identified so far are subtly or wildly different."
compatibility web development browser webkit apple google android iphone safari technical via:mattb 2009 Sep 30, 4:07The hashing part makes sense, but not the 'why no URL query' bit: "But because victim=12345 has already been visited they satisfy condition 2 and they get the 404 page fooling them into thinking the
site has already been taken down. So query strings don't really work." You could implement the same thing in the path and even were that not the case there's no telling that removing the query would
get you the same page. What's described here is a general method to circumvent the AP filter not an explaination as to why it avoids the query portion of the URL.
phishing technical web browser http url hash 2009 Sep 29, 10:54How Firefox and IE7&8 perform feed sniffing
rss feed atom mime mime-sniffing sniffing mimetype web browser html5 technical 2009 Sep 24, 3:58"Put more constructively, if GCF mentioned application/xhtml+xml AND intercepted it, my site would “just work”. But that wouldn’t be an “opt in”, a concept that Ian Hickson once described as yet
another quirks mode switch."
chrome google web browser extension webbrowser mime xml xhtml technical 2009 Sep 24, 3:51A proposed new HTTP header 'X-Force-TLS' to indicate a site only wants to be over HTTPS.
http header security https extension noscript web browser webbrowser 2009 Sep 23, 7:56"I do understand that it would be annoying to warn users every time they run a bookmarklet, but I think it would be sensible to show a warning at least the first time a given bookmarklet is executed.
If you work for a popular web browser vendor such as Microsoft or Mozilla, you can think of this as my wish for the day! I'd love to hear your feedback if you are reading this!"
technical bookmarklet bookmarklets security web webbrowser javascript 2009 Sep 17, 11:12This Javascript Nintendo emulator works amazingly well in Google Chrome. You can play Dr. Mario, Super Mario Bros., Tetris, The Legend of Zelda, etc.
browser javascript nintendo nes game videogame google tetris emulator 2009 Sep 11, 8:39"In the W3C Media Fragment Working Group (MFWG) we have had long discussions about the use of the URI query (”?”) or the URI fragment (”#”) addressing approach for addressing directly into media
fragments, and the diverse new HTTP headers required to serve such URI requests, considering such side conditions as the stripping-off of fragment parameters from a URI by Web browsers, or the
existence of caching Web proxies."
fragment uri via:connolly media url query http http-header 2009 Aug 21, 3:13"At Black Hat USA 2009 and Defcon 17 Nathan Hamiel and Shawn Moyer introduced an attack called Dynamic Cross-Site Request Forgery (CSRF). This white paper discusses the attack and discusses several
Dynamic CSRF attack vectors." Seems to require sites trying to secure CSRF scenarios using session IDs in their URLs.
security csrf research browser web technical
Some rights reserved