With the increasing popularity of JavaScript, and rising usage of JavaScript in the browser, it is becoming very effective to use JavaScript on the server to have a single end-to-end language for both client and server-side development. Options for server-side JavaScript are also increasing.

Jaxer is a new server that uses server-side JavaScript for HTML generation, using the standard browser DOM model (it is actually running Mozilla’s engine on the server) as the API. Persevere is a JavaScript based database system, that integrates a JavaScript based object model with object persistence. Dojo’s new PersevereStore, which is built on the JsonRestStore, allows code running in Jaxer to easily query, manipulate, and interact with data in Persevere by running Dojo on Jaxer’s server-side JavaScript environment. These two JavaScript servers can complement each other, with Jaxer providing HTML presentation/generation and Persevere providing the data object model and persistence, with JsonRestStore as the bridge.

(more…)

One of the stores built on JsonRestStore and included in Dojo 1.2 is the new CouchDBRestStore. CouchDB server is a JSON-based schema-free database with clustering and fault-tolerance. This new module utilizes the JsonRestStore RESTful capabilities to interact with a CouchDB server. CouchDB has a standards-based REST interface that integrates well with JsonRestStore via a few adaptions from the CouchDBRestStore modules.

(more…)

Security in Ajax web applications is of growing importance. While the client-server model is very useful for architecting web applications, the web security is model is not client-server, but rather a client-deputy-server model. Understanding this security model is important for building secure web applications, and it is becoming even more important as we build mashups and web applications that utilize cross-site resources.

In a client-server model, the client acts on behalf of the user, and the server trusts the client to the degree that a user is authorized. In the client-deputy-server model, the deputy (the browser) acts on behalf of the user, with suspicion of the client (web page/JavaScript), taking responsibility for some aspects of security, limiting client to client interaction. By understanding the mechanisms for the deputy boundaries, servers can appropriately participate in the security model with proper trust for the browser to act on behalf of the user. We will look at how to secure resources from being accessed from the wrong clients and protect clients from malicious server code.

(more…)

There is growing support in browsers for offline capabilities with the HTML 5 specification for local storage, offline notifications, and offline application cache, but adapting an application to store changes locally and do synchronization when connectivity is restored remains a major challenge for developers. Dojo 1.2’s new dojox.rpc.OfflineRest module automates the local storage of data and synchronization by leveraging the Dojo Data and REST abstractions. The OfflineRest module augments the JsonRest service in Dojo such that requests are cached in local storage for offline access, and modification requests (put, post, and delete) modify the cache and are recorded for delivery to the server; immediately if online, otherwise when connectivity is restored. Furthermore, JsonRest is the core engine used by JsonRestStore. Consequently, you can simply use the standard Dojo Data API with the JsonRestStore and effortlessly add offline capability with no modifications to your data interaction code. The underlying Rest service automates the handling of caching, storing data locally, and syncing changes. In addition the new OfflineRest module has no dependency on plugins, but rather progressively utilizes offline features that are available, while still operating properly on legacy browsers without offline support.

(more…)

Just back from @media Ajax with a few ideas buzzing around. One based on this comic:

It's patently absurd. And yet it's what we do with accessibility all the time, and in some ways the differences between someone with a visual impairment and someone with dexterity difficulties could be greater than the differences between a Spanish and Italian speaker.

(more…)

I gave a talk on Dojo Wednesday at ZendCon, and when I walked into the room for the talk, there was some disorder as the conference center staff were taking out the tables to fit more chairs in. Even with the extra space, the room was totally packed, thanks in large part to the amazing Dojo integration work that the Zend team has done.

(more…)

Recently, using the Deft project, I created a multi-file uploader Flash component for DojoX. It uses a typical design pattern—embed a hidden SWF in the web page, and with the ExternalInterface, trigger the FileReference’s browse() method to open a system dialog.

Shortly thereafter, it came to my attention that this functionality is to be crippled in version 10 of the Flash player. Due to security concerns, a dialog can only be opened upon a user interaction—in this case, the user must click on a button, preventing malicious code from opening the dialog. This change has caused quite an uproar on the Adobe forum, and the SWFUpload forum.

(more…)

Building the Dojo Toolbox allowed us to dive into Adobe® AIR™, and to create a blended toolchain of JavaScript, PHP, Python and Rhino (JavaScript on the Java Virtual Machine) for developing an amazing desktop application using open web technologies. Read about how we built the Toolbox and what we really think of AIR.

The Initial Whirlwind

We started in late May with zero experience developing an Adobe AIR application and a goal of getting a great application developed in about one month. We had to figure out what exactly we wanted the Toolbox to do and what it could do. We also had to begin figuring out how to make it all happen. Just about all software projects start out that way, right?

(more…)

Recently, there’s been a spat of editorials regarding custom fonts for the web—with two competing proposals (Microsoft’s EOT and embedding a TrueType font directly with the @font-face directive), as well as the well known Fahrner Image Replacement technique, and the related sIFR (Scalable Inman Flash Replacement) technique.

I’m pleased to announce yet another technique: rendering SVG font definitions using dojox.gfx, coming in the Dojo Toolkit 1.2 release!

(more…)

For UI professionals, the process of visually prototyping an application is a cornerstone in the design process. The challenge has always been to find a tool that will allow us to quickly develop visually detailed, and hopefully somewhat interactive, wireframes and mockups.

Outside of a few incredibly expensive applications, however, there are only a few really versatile options available to UI professionals. The ideal solution would be an application that allows UI pros to quickly wireframe interfaces, then populate the wireframes with high quality graphical elements to create a near-pixel-perfect mockup, share a graphical library with colleagues which can be independently updated and which could automatically propagate changes to dependent mockups, and finally allow for some interactive elements that could demonstrate actual interaction scenarios and allow developers to “experience” the interactions we are designing. Of course, the ability to easily translate a mockup directly into some workable, skeletal code would also be delicious.

(more…)