Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Advanced JavaScript

Advanced JavaScript

Bastian Hofmann

February 22, 2013
Tweet

More Decks by Bastian Hofmann

Other Decks in Programming

Transcript

  1. it's about JS, how you can build rich web applications

    with it, and how you can enhance your app with fancy features. by the way, when i saw the logo first
  2. or more seriously like, this. lot's of pages linked together,

    some forms, but far way from the user experience a desktop app had
  3. here ebay from back then. overall what you could do

    with a web app was very limited, images, text, forms, animated gifs, background music, marquee text, js was considered security risk, turn it off, due to features not available in browser, low bandwith
  4. web sites, no web apps look more like this, rich

    application, desktop like feeling, offline capabilities, responsive
  5. •Web Application development •WebSockets •OEmbed and Caja •APIs and OAuth2

    •Real-Time updates PubsubHubbub •WebRTC we'll talk about several techniques to create such rich, responsive web applications, some so brand new that they are only available in dev channel or nightly builds and some that you can use now in your existing apps
  6. ResearchGate gives science back to the people who make it

    happen. We help researchers build reputation and accelerate scientific progress. On their terms. ‟ the goal is to give...
  7. ? how about you? languages you use regularly? have your

    own product? agency work? long lived, short lived projects? large codebases? frameworks you use? js experience?
  8. http://www.meteor.com the app is going to be based on meteor

    js, a js framework that combines server side and client side programming which reduces the amount of boilerplate code you have to write for server to client communication tremendously, still very early, in some areas limited, but really fun to develop with
  9. https://github.com/bashofmann/adv_js_demo/ the code is available on github, so you can

    check it out later and revisit what i did, run it, debug it, play around with it
  10. Lot's of things! actually there are lot's of things you

    can use today in your old, existing project (if time war story refactoring the researchgate codebase)
  11. http://twitter.github.com/bootstrap so to make it easier for you, you can

    look at a very good css framework and see how they are doing stuff, e.g. at researchgate we are not using bootstrap, but modeled some of our css after it
  12. var html="<ul>"; for (var i=0; i < viewers.length; i++) {

    html += "<li>" + viewers[i].displayName + "</li>"; } html += "<ul>"; document.getElementById("#div").innerHTML = html; Where is the error? oftentimes you see something like this in js applications, you iterate over some data, concatenate an html string, and put that into some dom node where is the error? problems: 1st xss, 2nd structure not visible, no code highlights, no ide support, easy to make errors 3rd if your app get's bit, hard to find where the markup is coming from, 4th we are forgetting everything we learned with server side development of web apps, mvc, separation of concerns
  13. Two-way communication the last thing you saw in the demo

    was ... ... which means the app updates when something happens automatically, no reloads necessary
  14. WebSockets http://dev.w3.org/html5/websockets/ one way to do this is websockets, if

    this is not available, you can fall back to other techniques, long polls, short polls, flash, ...
  15. cool video: http:// www.youtube.com/ watch?v=OFzkTxiwziQ as you saw in the

    stream you often times have status updates like this one, with a link, wouldn't it be nice to not only have the link but also a preview of what's behind the link under it. of course youtube offers embedding videos in other pages through an iframe, so you could parse the url, see that it's youtube, parse out the video id, put it into the iframe url, but what if youtube changes the embed tag? what if you want to support more than youtube? lots of work to build and maintain...
  16. you make a get request to it and get back

    the html page, in the head there are some links pointing to an oembed endpoint ('application/json|xml+oembed)
  17. { "provider_url":"http:\/\/www.youtube.com\/", "title":"Jupiter Jones - Das Jahr in dem ich

    schlief (Musik Video)", "html":"\u003cobject width=\"500\" height=\"306\"\u003e \u003cparam name=\"movie\" value=\"http:\/\/www.youtube.com\/v\/ OyJd2qsRkNk?version=3\"\u003e\u003c\/param\u003e\u003cparam name= \"allowFullScreen\" value=\"true\"\u003e\u003c\/param\u003e \u003cparam name=\"allowscriptaccess\" value=\"always\"\u003e \u003c\/param\u003e\u003cembed src=\"http:\/\/www.youtube.com\/v\/ OyJd2qsRkNk?version=3\" type=\"application\/x-shockwave-flash \" width=\"500\" height=\"306\" allowscriptaccess=\"always \" allowfullscreen=\"true\"\u003e\u003c\/embed\u003e\u003c\/object \u003e", "author_name":"St182", "height":306, "thumbnail_width":480, "width":500, "version":"1.0", "author_url":"http:\/\/www.youtube.com\/user\/Stinkfist182", "provider_name":"YouTube", "thumbnail_url":"http:\/\/i4.ytimg.com\/vi\/OyJd2qsRkNk\/ hqdefault.jpg", "type":"video", "thumbnail_height":360 } you get back a json object with meta information about the url, title, thumbnail and for videos some html which is the embed tag from youtube in this example
  18. http://embed.ly/ if we don't want to do all this oembed

    endpoint lookup and have something more comfortable there is also a web service called embedly, you can just post the url to it and get back the oembed json object
  19. <html prefix="og: http://ogp.me/ns#"> <head> <title>The Rock (1996)</title> <meta property="og:title" content="The

    Rock"/> <meta property="og:type" content="video.movie" /> <meta property="og:url" content="http:// www.imdb.com/title/tt0117500/" /> <meta property="og:image" content="http:// ia.media-imdb.com/images/rock.jpg" /> ... </head> ... </html> with opengraph there are og meta tags in the pages head
  20. <meta name="twitter:card" content="summary"> <meta name="twitter:site" content="@nytimes"> <meta name="twitter:url" content="http:// www.nytimes.com/2012/02/19/arts/music/amid-

    police-presence-fans-congregate-for-whitney- houstons-funeral-in-newark.html"> <meta name="twitter:title" content="Parade of Fans for Houston’s Funeral"> <meta name="twitter:description" content="..."> <meta name="twitter:image" content="http:// graphics8.nytimes.com/images/2012/02/19/us/ 19whitney-span/19whitney-span- articleLarge.jpg"> also special twitter meta tags in the page's head
  21. Microformats http://microformats.org/ with both these specs you annotate some dom

    nodes with special classes, used for example in the google search
  22. Meta Tags or you can just parse some common meta

    tags like title or description as a fallback
  23. to demo that i'm using status.net, an opensource microblogging platform,

    just because on conferences i can't rely on wifi. one problem though, we want to make ajax request from js to an external domain
  24. Same origin policiy problem: same origin policy, which says you

    are only allowed to access windows or make ajax request to resources that have the same host name as the page that you are on. very important browser security feature, otherwise you could steal the sessions of all other applications that are currently open or have a running session or permanent login cookie. but for api requests this would be fine, we can trust the api provider not to leak sessions
  25. Backend api.twitter.com Client client.net AJAX Access-Control-Allow-Origin: * http://www.w3.org/TR/cors/ with cors,

    before the browser actually does the ajax request it performs an options request and the api needs to return the access-control-allow-origin header, whose value should match the requesting host. if this is the case the ajax request will be executed
  26. Authorization of course most api's need authorization to access user

    specific resources like the user's home timeline
  27. User-Agent Profile i'll not explain the whole of oauth2, but

    just what is necessary for js application
  28. http://twitter.com/authorize? &clientId=... Open Popup lanyrd.com it works like this, on

    the client app, lanyrd.com, you click a button, the client opens a new browser window pointing to the authorization endpoint of the api, with the clientId (you need to be preregistered at the api) of the client app (and some other parameters)
  29. http://twitter.com/authorize? &clientId=... Open Popup Grant Permission twitter.com/ authorize lanyrd.com and

    then to grant the client permission to access the api on the user's behalf
  30. HTTPS Redirect RedirectURI#ac cessToken RedirectURI# accessToken lanyrd.com twitter.com/ authorize lanyrd.com

    if the user said yes, the user gets redirected, still in the popup, to a preregistered redirect callback url, the access token for the api is in the fragment part of this url, this means it will not be sent to the backend and not to any proxies but stays in the browser
  31. RedirectURI# accessToken Parse Access Token from Fragment Send it to

    opening window Close popup lanyrd.com lanyrd.com the callback page can only return some static html and js. the js reads out the fragment, and since callback page and client app in the parent window are on the same hostname, it can call a function at the parent window to pass the access token to the client app and then close itself
  32. HTTPS Ajax Request to API Access Token twitter.com lanyrd.com now

    the client app has the access token and can access the api
  33. Storing the access token of course you have to store

    the access token somewhere. cookie would be one example, but that would send the access token over the wire and we may not want this
  34. Get new entries pushed by the API now that we

    have access to api it would be nice to get new entries of the user who connected to it pushed automatically so that we can include it into our stream
  35. retrieves Atom feed with Hub URL Hub posts sth pings

    every subscriber subscribes for feed acks subscription with pubsubhubbub you subscribe your application (backend) for the users feed at a central hub that is able to provide this users feed. after some subscription pingpong, each time when the user adds a new entry to his feed, it is send to the hub and the hub will forward it to every subscriber (of course only possible backend to backend since the hub can't send it directly to a browser)
  36. http://www.webrtc.org/ next p2p realtime communication between clients, this is possible

    with webrtc, very new, currently only possible in chrome dev channel and canary and firefox nightly builds, you can exchange any binary data, not only text, audio, video
  37. PEERJS http://peerjs.com/ one easy abstraction layer for webrtc just was

    published a few days ago, called peerjs, only works reliably for text at the moment, due to browser bugs (if even that)
  38. $ vagrant up $ vagrant ssh $ cd app $

    mrt Follow the readme! basically that's what you have to do, but there are some small additional steps (adapting your host file for example, follow the readme)
  39. http://twitter.com/BastianHofmann http://profiles.google.com/bashofmann http://lanyrd.com/people/BastianHofmann http://speakerdeck.com/u/bastianhofmann https://github.com/bashofmann https://www.researchgate.net/profile/Bastian_Hofmann/ [email protected] Did you like

    this talk? http://joind.in/talk/view/8041 thanks, you can contact me on any of these platforms or via mail. if you liked this talk or didn't like it, please rate it on joind.in. this is very important for me for improving my talk, for the organizers for selecting the best talks and speakers and for you to get the best content on the conferences you visit.