20 Things I Learned About Browsers and the Web

A Twitter post alerted me that something called “20 Things I Learned” had gone open source. Curious, I went to check out what “20 Things” actually is.

“20 Things I Learned About Browsers and the Web” is an e-book created by the Chrome team back in November of 2010. It shows you what the Internet is, and how it’s being used today. It then moves on to the building blocks of web pages, HTML, JavaScript, and the modern browser and how it helps to keep users secure. Finally, it looks towards the future, speculating on new technologies to improve the web experience.

It is a book, and at the same time a showcase of what modern browsers can do: curling pages, using the keyboard and mouse to turn pages and jump to sections of the book, zooming in and out, and changing background colours on the fly.

And then to the tweet that led me to “20 Things”: Google has open-sourced the book. The source code is available for anyone to download and tinker with. It shows the techniques used in building the book (Google App Engine at the back end, HTML5 at the front end) and lets developers learn how to apply the same techniques to their own projects.

All in all, worth checking out, both as a developer interested in the techniques and as a user interested in the web.

NotScripts – The NoScript option for Chrome

On Tuesday the 18th of August, a Google Chrome plugin called NotScripts was released that makes it a whole lot easier to control which JavaScript, iframes and plugins run in your browser. NotScripts is developed by Eric Wong of the Optimal Cycling website.

Before this plugin, you were forced to use the Chrome option to disable JavaScript and then selectively allow sites to run scripts. However, when you enabled it for a site, everything that site loaded was enabled, including JavaScript from potentially harmful third-party sites. It was possible to dive into the settings and enable some sites while keeping malicious ones disabled, but it was far from user-friendly. I desperately missed NoScript from Firefox. So desperately that in some cases I went back to Firefox to make sure I wouldn’t be exposed to any JavaScript I didn’t like.

After installing NotScripts, a little pyramid icon appears in your address bar, to the left of the bookmark button. Clicking it shows a list of all the sites that try to run scripts on the page you’re viewing. You can enable them one by one, or temporarily allow scripting globally. Once at least one site is enabled, the pyramid gets a green square over it.

The installation requires you to modify a file deep in the bowels of your computer. The file contains a password used to encrypt the NotScripts settings, because those settings are stored in an area accessible by any site you’re visiting; to prevent tampering with them, they are encrypted. I think in later versions this may be controlled with a settings option, to make it more user-friendly. Then again, this is a one-time step, so it’s not too invasive.

Part of the NotScripts options page, with the password enabled

NotScripts is open source and is released under the GNU General Public License v3. Development is continuing (version 0.9.1 was released on the 18th, one day after 0.9.0!), and the author is asking for donations to continue development.

Firefox and NoScript to the rescue

I’ve been an avid listener of the Security Now podcast for a couple of years now, and learned a lot of interesting things concerning cryptography, possible avenues of attack on your home network, etc. But two recent episodes of SN showed me that the Internet is a dark and dangerous place, and that you need all the protection you can get. In this case, Firefox with the NoScript plug-in.

Before the two episodes aired, Steve Gibson had stressed the danger of having JavaScript execute in your browser when visiting an unknown site. This was my first encounter with NoScript, which, as the name implies, prevents JavaScript from executing. The advantage over simply turning JavaScript off altogether is that you can allow certain sites and block others. It can sometimes be a hassle to figure out which site you need to turn on to get a web page to display properly, but the added security is IMHO worth it.

The first episode that piqued my interest was episode 166, “Cross-Site Request Forgery”. Steve does a much better job of explaining this, but in a nutshell it is a technique in which one site makes your browser send your cookies for another site along with a GET request to that site’s form handler, simply by displaying an “image”. Much to my surprise, NoScript was mentioned as a plugin for Firefox to prevent this.

The second episode was even more sinister. Episode 168, “ClickJacking”, describes how a page can use an iframe to display another page behind innocent-looking content, and trick you into clicking a button on the hidden page instead of on the displayed one. This can be used to activate your camera and microphone in Flash, or to change your password on MySpace to something only the owner of the malicious website knows. Once again, NoScript was suggested as the way to prevent this from happening to you.

So, Firefox with NoScript comes to the rescue of the beleaguered Internet user. And I’m impressed with the development done on NoScript: starting out as a “simple” tool to turn JavaScript on and off per site, it has now grown into the armour added to Firefox to protect you from most malicious websites.

Unless, of course, you turn off the script protection, as both Steve Gibson and Leo Laporte confessed to doing in the latest Q&A episode… :-)