Neil's Place

August 27, 2004

8:04 PM Template Languages

There's been some discussion lately about how to improve XUL templates. I just added some comments about this.

Some proposals include using an SQL-like language which generates results. This is suitable for database-backed data, and a query language for RDF is being developed. Others talk about using XSLT since it's already an established template language, although it would only work using XML. Another option is to simply improve upon the existing template system by adding support for conditions, better scripting, and so forth.

For my purposes, I had created ReoPath, which is more closely related to XAML or Flex databinding than to any of the other possibilities. Currently, its design is fairly simple and lacks some features such as recursion, although the eventual goal is to have a number of additional features for rules and updates based on events, as well as a better binding syntax.

Despite some progress, I think that everybody has very different ideas about what direction templates and databinding in XUL should be headed towards, so it may be difficult to create something that is easy to use, easy to learn, allows lots of features and is efficient.


August 17, 2004

7:07 PM Netscape Toolbar

Looks like the Windows version of Netscape 7.2 includes the new Netscape Toolbar. I hear it was developed by some brilliant programmer. I wonder what other exciting things will be available soon?


August 16, 2004

6:56 PM XUL Tutorial Translations

There are a couple of translations of the XUL tutorial that I know of. There's a French version and a Russian version. If you are translating the tutorial, you might be interested in recent changes. Also, there are changes to the element reference. Let me know if you'd like to be notified of changes in the future.


August 8, 2004

2:09 PM XUL 2.0 Prioritized

I've now taken my XUL 2.0 wishlist and prioritized the items. I haven't explained my reasoning yet, but the order is based on various factors, including the demand for a feature, how difficult it is to work around, and how difficult it would be to implement. Add a comment if you don't agree with the order I've put things in.

Note that three of the items are already being implemented.


August 7, 2004

Mozilla Developer Day Notes
Lots of info from the recent developer day

August 1, 2004

11:48 AM Codebase Principals

There's a preference in Mozilla called 'signed.applets.codebase_principal_support'. I've seen numerous XUL application authors and others encourage their users to set this preference to true. I'd imagine a significant number of mozdev developers have this enabled. What does enabling this preference do? It allows all web sites on the Internet to delete files on your hard drive with only one click.

OK, that's a bit misleading. What it really does is allow permissions to be granted based on the hostname and directory of a site rather than its certificate. In a sense, it effectively disables code signing, which means that unsigned code can run after the user clicks OK in one dialog box. Also, it allows this for every web site, not just a particular one.

Now, I don't think code signing provides much extra security, since malicious code can also be signed. However, one generally has to pay for certificates ($300-$400 per year), and figuring out how to sign code is such a complex task that no one bothers, and as a result, you won't find a lot of signed code around. Still, there is at least some comfort with signed code, since one can see the name of the organization which signed it, assuming that someone isn't trying to trick you by using a certificate from 'Amazon Retailers' instead of 'amazon.com'.

The point though, is that enabling the codebase principals preference reduces your security, and no author should ever be asking their users to enable it.
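One way to check whether a profile has this preference turned on, as an added example that is not code from the original post: the script parses `user_pref(...)` lines from a profile's prefs.js and user.js and reports the effective value, with user.js applied after prefs.js. The function names are hypothetical and the sample file contents are constructed.

```python
import re
import sys

# Preference name as given in the post.
PREF = "signed.applets.codebase_principal_support"

# Matches user_pref("name", value); lines as written in prefs.js / user.js.
USER_PREF = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;', re.M)

def strip_comments(text):
    """Drop /* */ blocks and whole-line // or # comments."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return "\n".join(line for line in text.splitlines()
                     if not line.lstrip().startswith(("//", "#")))

def effective_value(sources, name=PREF):
    """sources: file contents in load order (prefs.js first, then user.js).
    Returns the last raw value set for name, or None if it is never set."""
    value = None
    for text in sources:
        for key, raw in USER_PREF.findall(strip_comments(text)):
            if key == name:
                value = raw  # later entries override earlier ones
    return value

def is_enabled(sources):
    """True when the effective value is the literal true."""
    return effective_value(sources) == "true"

# Constructed sample contents, not taken from a real profile.
PREFS_JS = '''# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://www.mozilla.org/");
user_pref("signed.applets.codebase_principal_support", true);
'''
USER_JS = '''// user_pref("signed.applets.codebase_principal_support", true);
user_pref("signed.applets.codebase_principal_support", false);
'''

if __name__ == "__main__":
    # Usage: python check_pref.py prefs.js [user.js]; with no arguments, uses the samples.
    texts = [open(p, encoding="utf-8", errors="replace").read()
             for p in sys.argv[1:]] or [PREFS_JS, USER_JS]
    print(PREF, "enabled" if is_enabled(texts) else "not enabled")
```

A commented-out entry is ignored, so only a live `user_pref` line with the value `true` counts as enabled.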
