Mike Samuel of the Google Caja team (and much more) has a fantastically detailed document on the choices for secure String interpolation in JavaScript. He spends a lot of time discussing: Cataloging the most common vulnerabilities Various alternatives such as templating, DOM manipulation, and tainting Goals and Non-Goals Design and Implementation Benchmarking the choices There are a large number of examples a […]

More: continued here

Michael Mahemoff has released an update to his JavaScript library that gives you access to play with favicons from script.The main point of this library is to update the favicon via Javascript, but at a higher level, its main objective is to provide some support for notifying the user of events in another tab. For […]

More: continued here

John is at it again, writing a piece on recent news surrounding JSON. He links to an updated library by Douglas Crockford,

More: continued here

DomAPI has been around for ever but the package has been updated:DomAPI version 4.5 has a new lower price and a simplified licensing plan. In a nutshell, there are now 2 license types, ‘Free’ and ‘Pro’. Both types can be used on commercial sites, in any capacity, with no restrictions. The benefits of the pro […]

More: continued here

Jörn Zaefferer went absolutely feature crazy when he decided to update his jQuery Validation plugin. Update is putting it mildly with “overhaul” coming immediately to mind. Here are some of the cool new features added in: AJAX-captcha validation example (based on http://psyrens.com/captcha/) Support for “remote” ajax-validation. In other words: Remote validation is now possible and very easy […]

More: continued here

Jeremy Zawodny of Yahoo! just found the YUI Grid Builder that does what you would imagine… gives you a tool to generate your CSS layout. Will Duff took that and made YahooPages which adds even more WYSIWYG fun.

More: continued here

Brian Dillard of Agile Ajax has a review of Billy Hoffman’s new book “Ajax Security”. If you’ve not picked this book up, you really need to. It’s received rave reviews and is quickly becoming the must-have security book for client-side development. As Brian can attest: The book itself, of course, documents dozens more specific security vulnerabilities […]

More: continued here

Adobe Dreamweaver isn’t know for it’s JavaScript support let alone coding help for the popular JavaScript libraries and frameworks. Up to now, developers and designers who’ve used DW for their client-side work have been left out of the fun of other IDEs such as Eclipse and Komodo . That’s all changed now that to a […]

More: continued here

Lipsiadmin is a framework that generates Ext 2.0 views on top of your Rails 2.0 application, a compelling duo indeed. You can strap into your migrations to add menus such as: PLAIN TEXT RUBY:# I will create also my menumenu = Menu.create(:name => "Articles", :admin => true, :position => 1)# And mymenu.menuitems.create(:name => "New Article", :url => "/admin/articles/new",  […]

More: continued here

Cross posted from my personal blog Last week we posted about Jaxer which offers an approach of turtles all the way down where JavaScript is used on the client and the server. Then, I got to interview Steve Yegge. Last year, Steve posted about Rhino on Rails, his port of Ruby on Rails to the JavaScript language […]

More: continued here