Wishful Coding

Didn't you ever wish your
computer understood you?

Cross-domain AJAX POST request -- Twitter client

One of the top items on my web-project-wish-list is a client-side Twitter client written in JavaScript, without resorting to a proxy.

The problem

The technology needed to write web applications is named AJAX, but for security reasons, AJAX has one important limitation! You can not make requests to another domain. Imagine what would happen if a malicious website would request your gmail inbox while you are logged in!

Alternatives

Because of this limitation, people started to look for other ways to make cross-domain request. Bring in JSONP! JSONP allows you to request data from another domain by inserting a script tag with a src attribute referring to the data location. This is used in the Twitter widget showed in my sidebar. JSONP has two limitations.
  1. You give the other domain scripting access to your site, opening a potential XSS vulnerability.
  2. You can only make a GET request.

iframes

Hidden iframes are another method to make asynchronous requests, but they to are limited to GET requests and are only accessible from the same domain. I have not yet found a solution for the access problem, but I can make POST requests.

The solution

  1. Make an iframe and set its display property to hidden.
  2. Load a page in the frame containing a form.
  3. Add hidden inputs to the form.
  4. Submit it!
Example: Click here to send a tweet to Twitter about this post!

iframe removed

The only remaining problem is that we can not access the return data, but as you can see, that is not needed in all cases.
Published on

Clojure static site generator

Ever wondered why systems like Wordpress generate the whole page every time a visitor comes around? I did, and I'm not the only one. There are numerous static site generators and caching plugins around, and this is one of the former. First I wanted to write a static site generator in Python, but there is already one. I started to learn Clojure, and met defn on the Clojure IRC channel, who also wanted to write a Clojure static site generator. We started coding, and that is how Utterson came to life. I must admit though that I haven't heard very much of defn since the start of the project. Utterson works by threading Markdown files through Clojure template files to generate static HTML files. Other files(images, etc.) are copied as-is. 
java -jar utterson.jar src dest
The project is currently in a state in which it works, but it would make for an awkward blog, since there are still some base features missing. http://github.com/pepijndevos/utterson For now this blog is going to be using Wordpress, until I finish the generator and find solutions to problems like comments.
Published on

Three good reasons to run a Webkit Nightly

  1. You get to use the latest an coolest features around.
  2. You can try out my 3D CSS browser game, which is finally online.
  3. You can see this wacky CSS endless zoom effect, and other beautiful show-offs.
No, seriously... You might not need it for daily web usage, but if you are a developer, it's fun! Get it at webkit.org, even the nightly is more reliable than IE6. I'm using it right now to write this.
Published on