Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Advanced JavaScript

Bastian Hofmann
February 22, 2013
Programming
5
790

Advanced JavaScript

Bastian Hofmann

February 22, 2013
Tweet

More Decks by Bastian Hofmann

See All by Bastian Hofmann
Monitoring in Kubernetes with Prometheus and Grafana
bastianhofmann
0
260
Creating a fast Kubernetes Development Workflow
bastianhofmann
0
85
Highly available cross-region deployments with Kubernetes
bastianhofmann
1
120
From source to Kubernetes in 30 minutes
bastianhofmann
0
120
Introduction to Kubernetes
bastianhofmann
1
140
CI/CD with Kubernetes
bastianhofmann
0
140
Creating a fast Kubernetes Development Workflow
bastianhofmann
1
240
Deploying your first Micro-Service application to Kubernetes
bastianhofmann
2
160
Creating a fast Kubernetes Development Workflow
bastianhofmann
0
160

Other Decks in Programming

See All in Programming
#phpcon_odawara オープン・クローズドなテストフィクスチャを求めて / open closed test fixtures
77web
3
230
ONE WEDGE_company_guide
1wedge_one
0
480
大規模UIKitベースアプリへのTCAの段階的導入/gradual-adoption-of-tca-in-a-large-scale-uikit-based-app
takehilo
1
170
Changed Rules: Architectures with Lightweight Stores
manfredsteyer
PRO
0
240
"config" ってなんだ? / What is "config"?
okashoi
0
240
0→1と1→10の狭間で Javaという技術選定を振り返る/Reflecting on the Decision to Choose Java Between Scaling from 0 to 1 and 1 to 10
jaguar_imo
2
380
冗長なエラーログを削減し、スタックトレースを手に入れる / Reducing Verbose Error Logs and Obtaining Stack Traces
upamune
0
680
Random\Randomizer クラスで日常のあれこれを解決しよう! / Random\Randomizer class solves familiar trouble
cocoeyes02
0
240
GraphQLサーバの構成要素を整理する #ハッカー鮨 #tsukijigraphql / graphql server technology selection
izumin5210
4
840
PHP8.3の機能を振り返る / Review of PHP 8.3 features
seike460
PRO
1
110
エンターテイメント業界で利用されるAWS
demuyan
0
210
CA.swift19 恋するAIアプリ開発の裏側
oskmr
0
360

Featured

See All Featured
Robots, Beer and Maslow
schacon
PRO
155
7.9k
Unsuck your backbone
ammeep
663
57k
Designing the Hi-DPI Web
ddemaree
276
33k
Infographics Made Easy
chrislema
238
18k
How To Stay Up To Date on Web Technology
chriscoyier
782
250k
jQuery: Nuts, Bolts and Bling
dougneiner
59
7.1k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
40
4.4k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
19
1.7k
VelocityConf: Rendering Performance Case Studies
addyosmani
320
23k
The Power of CSS Pseudo Elements
geoffreycrofte
60
5k
The Language of Interfaces
destraynor
151
23k
The Invisible Side of Design
smashingmag
294
49k

Transcript

  1. Advanced JavaScript Creating Modern Web Applications @BastianHofmann

  2. Fancy title, isn't it? but what is it about

  3. it's about JS, how you can build rich web applications

    with it, and how you can enhance your app with fancy features. by the way, when i saw the logo first

  4. Let's go back in time to illustrate that .. about

    15 years ago

  5. the web looked like this

  6. or more seriously like, this. lot's of pages linked together,

    some forms, but far way from the user experience a desktop app had

  7. here ebay from back then. overall what you could do

    with a web app was very limited, images, text, forms, animated gifs, background music, marquee text, js was considered security risk, turn it off, due to features not available in browser, low bandwith

  8. php 3 was out, who was around back then doing

    php? and hey y2k compliant

  9. Fast forward to today

  10. web sites, no web apps look more like this, rich

    application, desktop like feeling, offline capabilities, responsive

  11. other example: maps

  12. or whole ides in the browser

  13. So what will we cover today? what will this talk

    be about?

  14. •Web Application development •WebSockets •OEmbed and Caja •APIs and OAuth2

    •Real-Time updates PubsubHubbub •WebRTC we'll talk about several techniques to create such rich, responsive web applications, some so brand new that they are only available in dev channel or nightly builds and some that you can use now in your existing apps

  15. A few words about me before that ...

  16. i work at researchgate, the social network for scientists and

    researchers

  17. ResearchGate gives science back to the people who make it

    happen. We help researchers build reputation and accelerate scientific progress. On their terms. ‟ the goal is to give...

  18. over 2.5 million users

  19. here some impressions of the page

  20. we are hiring, talk to me if you want

  21. have this, and also work on some cool stuff

  22. in addition to this i also speak frequently on conferences

    throughout the world

  23. work and live in berlin

  24. http://speakerdeck.com/u/bastianhofmann the slides with speaking notes will be available on

    speakerdeck after the talk

  25. ? how about you? languages you use regularly? have your

    own product? agency work? long lived, short lived projects? large codebases? frameworks you use? js experience?

  26. Let's start

  27. http://www.meteor.com the app is going to be based on meteor

    js, a js framework that combines server side and client side programming which reduces the amount of boilerplate code you have to write for server to client communication tremendously, still very early, in some areas limited, but really fun to develop with

  28. https://github.com/bashofmann/adv_js_demo/ the code is available on github, so you can

    check it out later and revisit what i did, run it, debug it, play around with it

  29. Let‘s start

  30. demo: basic setup, authorization, displaying the feed, input form, instant

    updated, websocket communication

  31. Fancy, but what's in it for me? now you may

    ask ...

  32. Legacy Project because you most likely have a ...

  33. Lot's of things! actually there are lot's of things you

    can use today in your old, existing project (if time war story refactoring the researchgate codebase)

  34. CSS Bastian first of all this is my relationship with

    css

  35. http://twitter.github.com/bootstrap so to make it easier for you, you can

    look at a very good css framework and see how they are doing stuff, e.g. at researchgate we are not using bootstrap, but modeled some of our css after it

  36. Good starting point when refactoring your CSS it's a ...

  37. Templates next ...

  38. var html="<ul>"; for (var i=0; i < viewers.length; i++) {

    html += "<li>" + viewers[i].displayName + "</li>"; } html += "<ul>"; document.getElementById("#div").innerHTML = html; Where is the error? oftentimes you see something like this in js applications, you iterate over some data, concatenate an html string, and put that into some dom node where is the error? problems: 1st xss, 2nd structure not visible, no code highlights, no ide support, easy to make errors 3rd if your app get's bit, hard to find where the markup is coming from, 4th we are forgetting everything we learned with server side development of web apps, mvc, separation of concerns

  39. Templates so, use ....

  40. Mustache.JS https://github.com/janl/mustache.js } there are lot's of js templating languages,

    some examples

  41. Hogan.js } http://twitter.github.com/hogan.js/ mustache but with precompiled templates -> faster

  42. http://handlebarsjs.com/ also a mustache dialect, compatible but with more features,

    we are using that one in meteor

  43. Two-way communication the last thing you saw in the demo

    was ... ... which means the app updates when something happens automatically, no reloads necessary

  44. WebSockets http://dev.w3.org/html5/websockets/ one way to do this is websockets, if

    this is not available, you can fall back to other techniques, long polls, short polls, flash, ...

  45. socket.io http://socket.io/ libraries helping you with that, e.g. ...

  46. SockJS http://sockjs.org/ .. this one is used by meteor

  47. http://jwebsocket.org/ implementation on the backend: java

  48. http://www.html5rocks.com/en/ tutorials/websockets/basics/ if you want to know how websockets work,

    read the spec, and/or this blog article

  49. Now that we did the groundwork, let's have some fun!

  50. MashUps lets mash or app up with some external data

  51. cool video: http:// www.youtube.com/ watch?v=OFzkTxiwziQ as you saw in the

    stream you often times have status updates like this one, with a link, wouldn't it be nice to not only have the link but also a preview of what's behind the link under it. of course youtube offers embedding videos in other pages through an iframe, so you could parse the url, see that it's youtube, parse out the video id, put it into the iframe url, but what if youtube changes the embed tag? what if you want to support more than youtube? lots of work to build and maintain...

  52. OEmbed http://oembed.com/ fortunately there is a protocol helping us with

    that

  53. http://www.youtube.com/watch? v=OyJd2qsRkNk in oembed if you have url like

  54. you make a get request to it and get back

    the html page, in the head there are some links pointing to an oembed endpoint ('application/json|xml+oembed)

  55. http://www.youtube.com/oembed?url=http%3A %2F%2Fwww.youtube.com%2Fwatch%3Fv %3DOyJd2qsRkNk&maxwidth=500&format=json if you query this endpoint

  56. { "provider_url":"http:\/\/www.youtube.com\/", "title":"Jupiter Jones - Das Jahr in dem ich

    schlief (Musik Video)", "html":"\u003cobject width=\"500\" height=\"306\"\u003e \u003cparam name=\"movie\" value=\"http:\/\/www.youtube.com\/v\/ OyJd2qsRkNk?version=3\"\u003e\u003c\/param\u003e\u003cparam name= \"allowFullScreen\" value=\"true\"\u003e\u003c\/param\u003e \u003cparam name=\"allowscriptaccess\" value=\"always\"\u003e \u003c\/param\u003e\u003cembed src=\"http:\/\/www.youtube.com\/v\/ OyJd2qsRkNk?version=3\" type=\"application\/x-shockwave-flash \" width=\"500\" height=\"306\" allowscriptaccess=\"always \" allowfullscreen=\"true\"\u003e\u003c\/embed\u003e\u003c\/object \u003e", "author_name":"St182", "height":306, "thumbnail_width":480, "width":500, "version":"1.0", "author_url":"http:\/\/www.youtube.com\/user\/Stinkfist182", "provider_name":"YouTube", "thumbnail_url":"http:\/\/i4.ytimg.com\/vi\/OyJd2qsRkNk\/ hqdefault.jpg", "type":"video", "thumbnail_height":360 } you get back a json object with meta information about the url, title, thumbnail and for videos some html which is the embed tag from youtube in this example

  57. cool video: the result may then look like this

  58. http://embed.ly/ if we don't want to do all this oembed

    endpoint lookup and have something more comfortable there is also a web service called embedly, you can just post the url to it and get back the oembed json object

  59. OpenGraph http://ogp.me/ other ways to get meta information about a

    url are

  60. <html prefix="og: http://ogp.me/ns#"> <head> <title>The Rock (1996)</title> <meta property="og:title" content="The

    Rock"/> <meta property="og:type" content="video.movie" /> <meta property="og:url" content="http:// www.imdb.com/title/tt0117500/" /> <meta property="og:image" content="http:// ia.media-imdb.com/images/rock.jpg" /> ... </head> ... </html> with opengraph there are og meta tags in the pages head

  61. Twitter Cards

  62. <meta name="twitter:card" content="summary"> <meta name="twitter:site" content="@nytimes"> <meta name="twitter:url" content="http:// www.nytimes.com/2012/02/19/arts/music/amid-

    police-presence-fans-congregate-for-whitney- houstons-funeral-in-newark.html"> <meta name="twitter:title" content="Parade of Fans for Houston’s Funeral"> <meta name="twitter:description" content="..."> <meta name="twitter:image" content="http:// graphics8.nytimes.com/images/2012/02/19/us/ 19whitney-span/19whitney-span- articleLarge.jpg"> also special twitter meta tags in the page's head

  63. Microdata http://www.w3.org/html/wg/drafts/ microdata/master/ http://schema.org/ ... and ..

  64. Microformats http://microformats.org/ with both these specs you annotate some dom

    nodes with special classes, used for example in the google search

  65. Meta Tags or you can just parse some common meta

    tags like title or description as a fallback

  66. Demo OEmbed

  67. So embedding external content

  68. Is this safe?

  69. External HTML could lead to xss if there are script

    tags in the html

  70. http://embed.ly/ if you use embed.ly you're somehow fine, because they

    are making sure nothing harmful is in there

  71. Trust nobody! but ... (probably not even yourself)

  72. Caja http://code.google.com/p/google-caja/ sanitize external html, caja strips out all harmful

    stuff, like script tags, javascript: urls

  73. demo: xss, caja

  74. API Access next ...

  75. to demo that i'm using status.net, an opensource microblogging platform,

    just because on conferences i can't rely on wifi. one problem though, we want to make ajax request from js to an external domain

  76. Same origin policiy problem: same origin policy, which says you

    are only allowed to access windows or make ajax request to resources that have the same host name as the page that you are on. very important browser security feature, otherwise you could steal the sessions of all other applications that are currently open or have a running session or permanent login cookie. but for api requests this would be fine, we can trust the api provider not to leak sessions

  77. JSONP on way jsonp, a bit hacky, google it if

    you want details

  78. Cross-Origin Resource Sharing much nicer, and good browser support

  79. Backend api.twitter.com Client client.net AJAX Access-Control-Allow-Origin: * http://www.w3.org/TR/cors/ with cors,

    before the browser actually does the ajax request it performs an options request and the api needs to return the access-control-allow-origin header, whose value should match the requesting host. if this is the case the ajax request will be executed

  80. Authorization of course most api's need authorization to access user

    specific resources like the user's home timeline

  81. http://oauth.net/ one way to do this in javascript applications is

    oauth2

  82. http://tools.ietf.org/html/rfc6749 it's final :)

  83. User-Agent Profile i'll not explain the whole of oauth2, but

    just what is necessary for js application

  84. http://twitter.com/authorize? &clientId=... Open Popup lanyrd.com it works like this, on

    the client app, lanyrd.com, you click a button, the client opens a new browser window pointing to the authorization endpoint of the api, with the clientId (you need to be preregistered at the api) of the client app (and some other parameters)

  85. http://twitter.com/authorize? &clientId=... Open Popup HTTPS GET twitter.com/ authorize lanyrd.com in

    this popups the api provider asks the user to log in,

  86. http://twitter.com/authorize? &clientId=... Open Popup Login twitter.com/ authorize lanyrd.com if he

    is not

  87. http://twitter.com/authorize? &clientId=... Open Popup Grant Permission twitter.com/ authorize lanyrd.com and

    then to grant the client permission to access the api on the user's behalf

  88. HTTPS Redirect RedirectURI#ac cessToken RedirectURI# accessToken lanyrd.com twitter.com/ authorize lanyrd.com

    if the user said yes, the user gets redirected, still in the popup, to a preregistered redirect callback url, the access token for the api is in the fragment part of this url, this means it will not be sent to the backend and not to any proxies but stays in the browser

  89. RedirectURI# accessToken Parse Access Token from Fragment Send it to

    opening window Close popup lanyrd.com lanyrd.com the callback page can only return some static html and js. the js reads out the fragment, and since callback page and client app in the parent window are on the same hostname, it can call a function at the parent window to pass the access token to the client app and then close itself

  90. HTTPS Ajax Request to API Access Token twitter.com lanyrd.com now

    the client app has the access token and can access the api

  91. Storing the access token of course you have to store

    the access token somewhere. cookie would be one example, but that would send the access token over the wire and we may not want this

  92. Local Storage http://www.w3.org/TR/webstorage/ better local storage

  93. Get new entries pushed by the API now that we

    have access to api it would be nice to get new entries of the user who connected to it pushed automatically so that we can include it into our stream

  94. PubSubHubbub http://code.google.com/p/pubsubhubbub/ many apis have their own implementations, status.net uses

    pubsubhubbub, but the principles are often the same

  95. retrieves Atom feed with Hub URL Hub posts sth pings

    every subscriber subscribes for feed acks subscription with pubsubhubbub you subscribe your application (backend) for the users feed at a central hub that is able to provide this users feed. after some subscription pingpong, each time when the user adds a new entry to his feed, it is send to the hub and the hub will forward it to every subscriber (of course only possible backend to backend since the hub can't send it directly to a browser)

  96. demo: oauth2, pubsubhubbub, sara, chat

  97. http://www.webrtc.org/ next p2p realtime communication between clients, this is possible

    with webrtc, very new, currently only possible in chrome dev channel and canary and firefox nightly builds, you can exchange any binary data, not only text, audio, video

  98. PEERJS http://peerjs.com/ one easy abstraction layer for webrtc just was

    published a few days ago, called peerjs, only works reliably for text at the moment, due to browser bugs (if even that)

  99. http://www.html5rocks.com/en/ tutorials/webrtc/basics/ you can read up details in the spec

    or here

  100. Try it out yourself if you want to ...

  101. http://vagrantup.com/ i built a vagrant vm for it

  102. $ vagrant up $ vagrant ssh $ cd app $

    mrt Follow the readme! basically that's what you have to do, but there are some small additional steps (adapting your host file for example, follow the readme)

  103. http://puppetlabs.com/ the whole vm is set up with puppet modules

  104. https://github.com/bashofmann/vm_js_mashup

  105. http://twitter.com/BastianHofmann http://profiles.google.com/bashofmann http://lanyrd.com/people/BastianHofmann http://speakerdeck.com/u/bastianhofmann https://github.com/bashofmann https://www.researchgate.net/profile/Bastian_Hofmann/ [email protected] Did you like

    this talk? http://joind.in/talk/view/8041 thanks, you can contact me on any of these platforms or via mail. if you liked this talk or didn't like it, please rate it on joind.in. this is very important for me for improving my talk, for the organizers for selecting the best talks and speakers and for you to get the best content on the conferences you visit.