Tales from the Evil Empire
Bertrand Le Roy's blog
-
OpenAjax meetings
It was my great pleasure to be at the face to face OpenAjax Alliance meetings for the first time last month. Thanks to the nice people at IBM for hosting them. I really enjoyed the discussions with Alex from Dojo, Gideon from OpenSpot and many others. There were also great demos of OpenAjax-based interoperability.
-
Scott on JSON hijacking
Scott has a great post on how ASP.NET Ajax has built-in mitigations already in place for JSON hijacking attacks:
http://weblogs.asp.net/scottgu/archive/2007/04/04/json-hijacking-and-how-asp-net-ajax-1-0-mitigates-these-attacks.aspx -
ASP.NET Ajax UpdatePanel PDF erratum
I corrected a few remaining errors in our O'Reilly shortcut on UpdatePanel (mainly references to the old Atlas codename). If you already bought it, you can download the new version for free. And if you haven't, what are you waiting for? ;)
-
Microsoft joins OpenAjax
I'm extremely pleased to announce that we're joining OpenAjax today and that I'll represent the company in the organization's meetings starting this Thursday. This is a way for us to ensure that our user community can combine the Microsoft AJAX Library and ASP.NET 2.0 AJAX Extensions with other frameworks, today and in the future. Interoperability in the browser is a hard problem but it opens key Ajax scenarios. An industry-wide organization such as OpenAjax is a great way to ensure this goal is met in the long-term.
-
What are these Foo$Bar$baz functions in the Microsoft Ajax Library files?
If you've looked at the debug version of our JavaScript files, you may have noticed code similar to that:
-
How to manipulate files inside Inetpub/wwwroot all day without being bugged by UAC
A lot has been written about UAC. Some choose to disable it. I chose not to and I'm doing just fine. At least, I don't have to type in my password on every prompt like on some other OS that likes to mock us on TV ;)
-
UpdatePanel PDF updated for ASP.NET Ajax 1.0
The PDF document that I wrote with Matt Gibbs a while ago on UpdatePanel is now up to date and in sync with the RTW (Release to Web) version of the ASP.NET 2.0 Ajax Extensions. It's a 60 page document that teaches how to use the UpdatePanel control to incrementally "ajaxify" an ASP.NET 2.0 web site. The booklet comes with downloadable code samples that are immediately applicable in the real world. -
What happens when Mozilla, Microsoft and Opera get together under Douglas Crockford's moderation?
A very interesting conference that's available from Yahoo!. Douglas Crockford's introduction is worth the watch in itself but the others also have very interesting things to say.
-
ASP.NET Ajax-aware JavaScript IntelliSense available from the Orcas CTP
This is an absolutely awesome feature. IntelliSense / autocompletion for JavaScript is a difficult problem (because of the dynamic nature of JavaScript) which the Visual Studio team is brilliantly solving. They were able to build an elegant solution to the problem that works reasonably well on plain JavaScript, but really shines when used with ASP.NET Ajax. The type information that we added to our debug scripts through doc comments really helps in making the whole experience seamless.
-
How to work around the access denied cross-domain frame issue in ASP.NET Ajax 1.0
Some users have run into an issue when hosting ASP.NET Ajax applications in a frame or iframe that's in a different domain from the top-level window. If you try to do that and browse to the page using IE, you'll receive an "access denied" error client-side any time a DOM event is raised in the frame. The code that's responsible for that is Sys.UI.getLocation. This is a tricky piece of code that determines the pixel coordinates of a DOM element relative to the top-left corner of the page, so that an absolutely positioned child of the body using these coordinates would exactly cover the element you measured. This is useful for drag & drop, popup scenarios like auto-complete and when an event is raised to get mouse coordinates relative to the event source. This is this last piece that explains the problem. The code in this method is different for each of the browsers that we support because each one of them has its own behavior that cannot be determined as we usually do by dynamically looking at capabilities. You just have to know for example that browser X is not counting an element's scroll position if it's absolutely positioned and a direct child of body (names changed to protect the guilty). That's the kind of problem we had to work around. Luckily, IE has two very handy methods to retrieve this kind of coordinates that enables us to bypass completely a number of bugs that we just couldn't efficiently work around: getClientRects, which gets all rectangles the element occupies on the page, and getBoundingClientRect, which returns a single rectangle that bounds the whole element. In the method that we shipped, we've been using getClientRects and getting the first rectangle because we wanted to have consistent behavior across browsers even if the element is a wrapping element such as a span: in this case, the top-left corner of the element is the top-left corner of the first bounding rectangle, which is different from the top-left corner of the global bounding rectangle: