A friend recently passed along an article found on Slashdot regarding XSS, and for more information I visited the Mozilla Blog, which discusses this concept in greater detail. To save time I will summarize the articles like this: you will not be able to use inline javascript or inline event handlers, or load javascript from unapproved domains. Basically, you will need to have all your javascript loaded from external js files, and then create a policy that allows the js to be loaded from a domain. After reading these articles and mulling the concept over for a few minutes, a few things came to mind.
The amount of legacy code that produces inline javascript, inline event handlers, etc.
The amount of time to refactor this code, and I am referring to enterprise applications not your Mom’s blog.
A way to move developers towards unobtrusive javascript, i.e. adding event handlers through script and not putting them directly into the html markup. This is a positive as markup is markup.
With this approach would the need for Javascript micro-architectures arise? Think PureMVC and Cairngorm for Flex. After all we are already using javascript application frameworks, shouldn’t we have some architectural frameworks for html/css/javascript clients?
Overall I am not too concerned with the implications of the concept presented by Mozilla. I feel that in the end it will make developers realize that there are some fundamental shifts needed in the client side development arena that go beyond creating the next cool javascript widget or library.
XSS is a real threat and by attempting to solve this issue we may all have to create a better architecture for our clients.
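To size the refactoring effort described in this post, the following added example (not code from the original post or from Mozilla) inventories the three things the policy would block in a page: inline script bodies, inline event handler attributes, and scripts loaded from hosts that are not approved. The sample markup, the page URL and the approved host list are constructed, and regex scanning is an approximation of real HTML parsing.

```javascript
// Added example: inventory markup that a script-source policy would block.
// Regex scanning is approximate; use a real HTML parser for production audits.
const SCRIPT_RE = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
const SRC_RE = /\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i;
const TAG_RE = /<([a-z][a-z0-9]*)\b([^>]*)>/gi;
const HANDLER_RE = /\s(on[a-z]+)\s*=/gi;

function auditMarkup(html, pageUrl, approvedHosts) {
  const findings = [];
  // Pass 1: script elements, either inline code or an external source.
  for (const m of html.matchAll(SCRIPT_RE)) {
    const src = SRC_RE.exec(m[1]);
    if (!src) {
      const body = m[2].trim();
      if (body) findings.push({ kind: "inline-script", detail: body.slice(0, 40) });
      continue;
    }
    // Resolve relative URLs against the page so "/js/app.js" maps to the page's host.
    const host = new URL(src[1] ?? src[2] ?? src[3], pageUrl).host;
    if (!approvedHosts.includes(host)) findings.push({ kind: "unapproved-source", detail: host });
  }
  // Pass 2: on* attributes in the remaining markup (script bodies removed first).
  const withoutScripts = html.replace(SCRIPT_RE, "");
  for (const tag of withoutScripts.matchAll(TAG_RE)) {
    for (const h of tag[2].matchAll(HANDLER_RE)) {
      findings.push({ kind: "inline-handler", detail: `<${tag[1]}> ${h[1]}` });
    }
  }
  return findings;
}

// Constructed sample page for illustration.
const SAMPLE_PAGE = `
<html><head>
<script src="/js/app.js"></script>
<script src="https://cdn.example.net/widgets.js"></script>
<script>var user = "guest"; init(user);</script>
</head><body>
<a href="#" onclick="save(); return false;">Save</a>
<button id="cancel">Cancel</button>
<img src="logo.png" onerror="report(this)">
</body></html>`;

function auditSample() {
  return auditMarkup(SAMPLE_PAGE, "https://app.example.com/index.html", ["app.example.com"]);
}
```

Each finding is one item on the refactoring list: move the inline script into an external file, attach the handler from script instead of markup, or either approve the host or self-host the file.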
Yes, yet another Twitter client. Does the world really need another Twitter client? Probably not. But this particular client was created based on a challenge that was issued by a fellow developer. The challenge – create a Flex app that uses a social networking service, and has at least one custom component, all in five minutes or less.
Here is the source code download, go ahead and tool around with it: Flex 5 Minute Challenge Source Code
So go ahead and have some fun, get together with some developers and try out the ‘Flex 5 Minute Challenge’.
Since my buddy and I made this up we came up with these rules, feel free to change them:
Flex application must utilize any service provided by a publicly available social networking site.
The application must contain at least one custom component.
Time begins as soon as you start writing code and the app must be published as a release build before 5 minutes is up.
That’s it, it’s fun, give it a shot.
So here it is:
RESTful services, ah the thought of leveraging the HTTP protocol to make web service development much simpler than the ‘ole SOAP. But there is a problem if you are a Flex or Flash developer who relies on the Flash Player. You see, staying true to the methodology and spirit of RESTful services means that an HTTP Status Code of 404 actually means something. It means the resource that was requested was not found. So in a RESTful service you may call a phone book service that returns a person and their phone number. Well, if that person does not exist the REST service returns an HTTP Status Code of 404. Get it? Got it? Okay.
The problem with REST and Flex/Flash is that the Flash Player does not allow you to write code to handle a status code that falls outside of the 200 range. If you receive any status code that is not in the 200 range then you receive a fault error. “If I am calling a REST service and I get something other than a 200 then I can just treat it as a 404,” you say. Not so fast, what if you get a 500 range status code? Hmm, now what? Enter Flex and Javascript together.
Leveraging Javascript with Flex can allow you to handle HTTP Status Codes without having to write server side proxies or having to beg the RESTful Developers to not use status codes as their request response.
Here is how the Javascript and Flex solution would work (here is the source code – JavascriptFlexStatusCodeSolution)
The idea is to use ExternalInterface in Flex to call a Javascript function. The javascript function makes the call to the RESTful Service. When the response comes back we use javascript to check the status code and then call the appropriate Actionscript code in the SWF file. Sounds simple? It is, so download the code and check it out, and hopefully you can get past the status code pain.
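The JavaScript half of the flow described above, as an added example that is not the code from the linked download. The callback names (onRestResult, onRestNotFound, onRestServerError, onRestFault) are hypothetical functions the SWF would expose with ExternalInterface.addCallback(), and the fake XHR, SWF object and URL are constructed so the dispatch can run outside a browser.

```javascript
// Added example: callback names are hypothetical; the SWF would register them
// with ExternalInterface.addCallback() so they are callable on its DOM object.
function classifyStatus(status) {
  if (status >= 200 && status < 300) return "onRestResult";
  if (status === 404) return "onRestNotFound";
  if (status >= 500 && status < 600) return "onRestServerError";
  return "onRestFault"; // everything else, including status 0 (network error)
}

// swf: the embedded SWF DOM object. createXhr: factory, so the logic can be
// exercised without a browser.
function callRestService(url, swf, createXhr = () => new XMLHttpRequest()) {
  const xhr = createXhr();
  xhr.open("GET", url, true);
  xhr.onreadystatechange = function () {
    if (xhr.readyState !== 4) return; // wait until the response is complete
    const callback = classifyStatus(xhr.status);
    // Hand the body over as a plain string; the ActionScript side should
    // parse and validate it, never evaluate it.
    swf[callback](xhr.status, xhr.responseText);
  };
  xhr.send(null);
}

// Constructed stand-ins for the browser XHR and the SWF object.
function fakeXhr(status, body) {
  return {
    readyState: 0, status: 0, responseText: "",
    open() {},
    send() {
      this.readyState = 4; this.status = status; this.responseText = body;
      this.onreadystatechange();
    },
  };
}

function runDemo(status, body) {
  const calls = [];
  const swf = {};
  for (const name of ["onRestResult", "onRestNotFound", "onRestServerError", "onRestFault"]) {
    swf[name] = (code, text) => calls.push([name, code, text]);
  }
  callRestService("/phonebook/people/42", swf, () => fakeXhr(status, body));
  return calls;
}
```

In the Flex application, the ActionScript side would start the request with ExternalInterface.call() and receive exactly one of the four callbacks, with the real status code intact.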
Here is my presentation from the 360Flex Conference. The presentation topic is how to use Javascript and Flex together through the Flex Ajax Bridge and ExternalInterface. The presentation also includes all of the code needed to run the examples. This was a hands on presentation so the code is very generic but useful. Your comments are always appreciated.
Posted: June 13th, 2009
at 2:30pm by Adrian Pomilio
It’s been a while since my last post but work has been very hectic of late. Now, with a little extra time I want to fill you in on 360Flex Indianapolis.
Well, here it is the time to shine, or the time to get out and learn a lot more about Flex. This upcoming week is 360Flex in Indianapolis and there are still a few tickets left. The speakers are amazing, maybe not me, but the others are. The time to learn everything you ever wanted to know about Flex will be right there in front of you. Come on out, check it out, and don’t forget to check out the FABfridge presentation. It won’t ‘blow your mind’ but it will show you how simple it is to integrate Javascript and Flex. Most of all the useful things are not mind blowing at first, but they become that after you call back on those thoughts and win the day for your boss.
If you get there and you’re not sure who to talk to, then just ask for A, I’ll be glad to share a brew with you and talk about anything!
Posted: May 16th, 2009
at 5:32pm by Adrian Pomilio
A few years ago a friend of mine, Jared Klein, and I decided to start a non-profit that could raise money for the fight against cancer. We were two lacrosse coaches and so we founded an annual lacrosse tournament to raise money. This year we held two events, April 25th and May 10th, and both events combined were able to raise almost 10k for the St. Baldrick’s Foundation. What I was wondering, or actually crowdsourcing (to borrow a term from Doug McCune), was if there were people who would want to help work on the ‘ultimate’ Stick it to Cancer site for 2010? If you are interested, or want to know more visit www.stickittocancer.org, or shoot me an email at stickittocancer@stickittocancer.org.
Posted: May 16th, 2009
at 5:27pm by Adrian Pomilio
Well I guess this would be one of those rare posts that fall into ‘the rest’ category. It’s not technical in nature but it makes me feel like I am doing something for the environment. And of course we all know that it’s how we feel that matters.
On March 28th Earth Hour is taking place at 8:30pm your local time. The concept is for everyone in the world to turn off their lights for one hour. The website can be found here: http://www.earthhourus.org/ .
In my home we are taking it one step further. We are turning the power off at the breaker for two hours. Why at the breaker? Because all those wonderful electronic devices you have keep pulling juice from the power grid. We might even make it a weekly habit at our home. Why not, we can always go for a walk or sit in the backyard and stare into the sky.
I just got accepted to speak at 360|Flex Indy! The show will be going down May 18-20, 2009. You can check out Read the rest of this entry »
On Dec. 1st I received my copy of ‘Creating Visual Experiences with Flex 3.0‘, by Juan Sanchez and Andy McIntosh (2009 Pearson Education Inc). I am a bit of a book fanatic, and find that books are my best resource, but lately there has been a glut of Flex and Air books to hit the market so I was a little skeptical about an AFFB (another freaking flex book). Then I read this book, actually the entire book in 3 1/2 days. All I have to say is… “freaking brilliant.” This is not AFFB.