mrclay.rg

Designing a Highly Reusable HTML Component

The UF College of Education uses a header/footer template designed to be applied to any page, and we use this across several applications such as WordPress, Moodle, Elgg, and Drupal. Changes can be propagated quickly to all sites, and adding the template to new PHP apps is trivial. If you need to create an HTML component that can be

[...read the post]

String Subtypes for Safer Web Programming

Valid HTML markup involves several different contexts and escaping rules, yet many APIs give no precise indication of which context their string return values are escaped for, or how strings should be escaped before being passed in (let’s not even get into character encoding). Most programming languages only have a single String type, so there’s

[...read the post]

Bookmarklet: Horizontally invert HTML5 videos

My demands for “reverse” glasses have gone unserved, but I made a bookmarklet that provides the same effect: “flopping” a video horizontally. Install the SwitchStance bookmarklet, for which you’ll need a modern browser that supports CSS transforms on video elements. Opt-in to YouTube’s HTML5 trial Load up any video without ads (here’s one of Matt

[...read the post]

Designing a Contextual Role-Based Capability Control System

Update May 2: ScopedRole is now a PHP5.3 library based on this design and is passing initial unit tests! After surveying a few permissions models that one might want to choose for an LMS, I think Moodle really got right the notion that role-based permissions should be flexible depending on the domain(s) the user’s in.

[...read the post]

IE6/7 CSS Specificity Bug

After our team launched the new College of Education site, I discovered that IE8′s handy “Browser Mode: IE7″ mode of IE8 is useless for real IE7 testing (but IETester actually works!). Undoubtedly this “IE7 mode” has many quirks in its emulation we’ll never know about, but after a few hours of hair-pulling I finally pinned down a

[...read the post]

Customizing a Zend Navigation Menu

Zend Navigation has a menu helper class that can output a basic nested UL menu. You can set id/class attributes on the A elements, and it adds an “active” classname to A elements in the active branch, but customizing the markup beyond that gets complicated.

[...read the post]

We need a frontend design tool for live web pages

It’s quite frequently that an HTML/CSS designer might want to make changes to a live web page. Maybe she doesn’t have write access, or maybe the fixes needed aren’t worth the start-up cost of copying the page locally and working on it there, or multiple designers want to work up ideas on a given page

[...read the post]

E-mail Address Munging Still Mitigates Harvesting

At least a decade into the use of simple e-mail munging on web pages (my own solution here) there’s a growing consensus—and it seems like common sense with the advancement of the web in general—that this surely can’t still work on modern harvesters. While trying to look up some old research I’d read about this,

[...read the post]

Using jQuery Before It’s Loaded

It’s better to include scripts like jQuery at the end of the BODY, but this makes its methods inaccessible earlier in the page (e.g. inside a WordPress post). What you can do is use a script like the one below to queue DOMReady functions before jQuery loads. (function (w) { if (w.$) // jQuery already

[...read the post]

Tiny E-mail Munging Script

I’ve seen a lot of these that are bloated/less effective/inaccessible, so I might as well put this out there. It’s simple enough to modify if you’re comfortable with Javascript. Markup: <a href=”mailto:john{@}example{.}org”>john{@}example{.}org</a> (function(){ var a, i = 0, o = this.onload; onload = function(){ o && o(); // run the old window.onload if existed while

[...read the post]

Netscape 4 Source Code Hell

Netscape Navigator 4 was—very briefly—the best browser available, then the best available on certain platforms, then finally for the longest time a terrible wreck of a browser hated by every web developer. So it’s nice to see NN4′s programmers suffered working on it, because tons of people suffered working around it.

[...read the post]

Google’s School for Hackers

Google is offering programmers their own personal sandbox application—called Jarlsburg—and hints of how to exploit the common vulnerabilities purposefully left in it. Although Google is basically walking folks through how to attack apps, publicizing this info is a necessary evil in order to build safer programmers. We have to start thinking of each line of

[...read the post]

Uh-Oh: Firefox’s Unique Session Cookie Behavior

By now, Opera’s invention of restoring tabs automatically is available in most browsers, but unlike every other browser, Firefox’s restored tabs retain session cookies for the domains of the saved tabs Firefox restores all session cookies as if the browser were never closed. This is handy in some ways, but dangerous in others: It’s fooling

[...read the post]

Elgg, ElggChat, and Greener HTTP Polling

At my new job, we maintain a site powered by Elgg, the PHP-based social networking platform. I’m enjoying getting to know the system and the development community, but my biggest criticisms are related to plugins. On the basis of “keeping the core light”, almost all functionality is outsourced to plugins, and you’ll need lots of

[...read the post]

IE9 May Raise the Bar

Wow. IE9 is coming, and it looks like it’ll get Microsoft back in the game. Full Developer Guide. The Good: New standards supported, hardware-accelerated canvas, SVG, Javascript speed on par with the other browsers, preview installs side-by-side with IE. The Bad: Not available on XP and no guarantee it will be. XP users will be stuck

[...read the post]

SQL Server 2008, Domain Auth, PHP5, Ubuntu Server

May this save you pain.

[...read the post]

“Scary Web Error!”

Apparently on a few AT&T phones, a few Facebook users were dropped into accounts of other users. After typing Facebook.com into her Nokia smart phone, she was taken into the site without being asked for her user name or password. She was in an account that didn’t look like hers. … AT&T spokesman Michael Coe

[...read the post]

Configuring Sendmail for UF’s SMTP

Our Ubuntu web host, hosted with OSG, was not able to send mail (using PHP mail) outside of UF. An OSG tech said our From: header should be a valid address at UF (check) and that the logs at smtp.ufl.edu showed those messages never made it there. The solution was to configure sendmail to use

[...read the post]

Get higher quality images within printed web pages

Due to web images being optimized for on-screen display (let’s say 96 DPI), images on printed pages are usually blurry, but they don’t have to be: Start with a high-resolution image. E.g. 2000 x 1000. Save a version with dimensions that fit well in your printed layout when placed in an IMG element. E.g. 300

[...read the post]

Call it “SecondOpinion”

The creators of StackOverflow should team up with the Dept. of Health & Human Services and launch a medical Q&A site based on the SO model. StackOverflow was designed by a few programmers to scratch an itch within the community, and the model they came up with made it the most effective question/answer site I’ve

[...read the post]