Dylan Schiemann

Andrew Betts has delivered a phenomenal summary of cross site scripting (XSS) techniques and options in today’s browsers in his article Cross Site Scripting Joy.

When I was working on a project a couple of years ago, I had an idea for a great, alternative way to select a date. In the end, the better parts of my work made their way into Dojo, and the natural language feature was dropped as it was non-essential at the time.

Today, I saw the very nicely done DateJs library by the people at Coolite, and at a first glance, their work looks really impressive. Combining this with a nice Dojo Date TextBox would start to approach what I had wanted to build previously.

John Resig’s EcmaScript Cloud reminds me of our earlier DHTML Universe, except this is from the perspective of browser vendors and language implementers rather than users and extenders. Very cool.

Apple has collated a list of supported CSS properties in Safari. Most notable are the list of webkit-* properties, which are implementations that are either attempts at implementing a CSS 3 draft concept, or experiments by Apple in making CSS better.

On Surfin’ Safari, there’s also a new article about 10 new things with WebKit 3. For those not in the know, Safari and many other browsers are based on WebKit. Safari 3 is based on version 3 of WebKit.

That said, you won’t find more experimental features such as CSS Transforms in Safari 3… those features are found in the current WebKit nightly builds only.

Last month, Microsoft created a document outlining each of the major browser’s deviations from the ECMAScript 3 standard. The blog entry links to the full 87 page summary which is pretty informative. For example, something as straightforward as parseInt(string, radix) has different behavior across browsers.

When radix is 0 or undefined and the string’s number begins with a 0 digit not followed by an x or X, then the implementation may, at its discretion, interpret the number either as being octal or as being decimal. Implementations are encouraged to interpret numbers in this case as being decimal.

alert(parseInt("08", undefined));
alert(parseInt("08", 0));
alert(parseInt("011", undefined));
alert(parseInt("011", 0)); 

Output:
IE: alerts 0, 0, 9, 9
FF: same as IE
Opera: alerts 8, 8, 11, 11
Safari: same as IE, FF

Dojo 1.0.1 has been released. Users of 1.0 are encouraged to update, and should have no issues with the migration. As mentioned previously, this release fixes 40+ bugs from 1.0, but there are no API changes.

Also, a quick reminder that SitePen will conduct a 2-day Dojo training course in Palo Alto in early December. Seats are still available. Please sign-up if you’re interested.

There’s been an increasing amount of talk recently about web 3.0, ranging from discussions of the semantic web, to discussions about significant improvements to user experience. The latter was an interesting article, because it describes how, in that authors mind, Dojo implements a lot of features he defines as web 3.0! Vector graphics and offline support have been important to me for quite some time, and we really are just starting to scratch the surface on the possibilities with these features.

Later today (Wednesday), Adam and/or Alex will push Dojo 1.0.1 live to the world. It’s been an odd year with holiday releases:

Easter Sunday: First 0.9 development milestone
US Independence Day: 0.9 beta
Halloween: 1.0 release candidate
Thanksgiving: 1.0.1
Christmas: 1.0.2 (planned)

There’s an updated Dojo 1.0.1 release candidate ready for download. This minor update does not change any APIs, but does resolve approximately 40 bugs in Dojo 1.0. Please give it a try and report any regressions. Assuming things go well, we’re releasing Dojo 1.0.1 on Wednesday in time for Thanksgiving.

I’ve been working with Karl on answering the question of “who uses Dojo”. We still have work to do to clean this up, but for now, check out the first few entries of the Dojo Spotlight.