Povert

I’ve been working on a little bit of javascript in my spare time. The New York Times has recently employed a bit of code that allows you to highlight sentences or paragraphs using a hash in the story’s URL.

I think that’s a fantastic idea. I’ve thrown together some JS to do this. It’s available here. As a happy bonus, it allows for a range of sentences and it doesn’t require a page reload to highlight parts. The sentence selection, however, is terrible. So if anyone has any suggestions, please fork and put in a pull request.

My code does allow highlighting some stuff while jumping to another part, which I think is pretty neat. That is, “Read starting here, but really pay attention to this.”

(Also, Ken: No, you’re a nerd)

I’ve been making plenty of use of localStorage in javascript apps lately.  It’s a very simple way of storing data in the browser that can persist across sessions.  If you want to learn more about it, check out the Local Storage chapter in the excellent Dive into HTML5 web site / future book.

Anyway, I’m using it on a new version of flappingcrane.com to get around the downside to a recent security fix in Safari.  I wanted to have the icons for skits that have already been watched by the user to be translucent.  That’s normally a very easy thing to do using CSS:


.skitIcon a:visited {
opacity: 0.5;
-moz-opacity: 0.5;
}


However, there’s kind of a clever security problem with this.  In a nutshell, I can list a bunch of links on a page and give some CSS property to visited links.  Then if you visit the page, a script can examine those links and see which ones have those properties, thus telling me which of those sites you have visited.

A recent version of Safari disabled styling on the :visited pseudo-element for this very reason.

Anyway, this is less of a concern on something like Flapping Crane.  We can track what skits you watch, how much of them you watch, how often you pause them, etc.  While that might creep some people out (we only track hits or plays, but I’m sure many, many video sites track a lot more), there’s no serious security issue with that.  I can tell that you’ve watched “Bugles” 145 times (weirdo), but I can’t tell what other creepy web sites you visit.

So, while we can keep track of what client IP has watched what, there are a variety of reasons why I really don’t want to do that in order to style a few links.  One, I like to keep DB interactions to a minimum (hah).  Two, it makes for some clunky, ugly interactions that seem like overkill for a little opacity effect.

I’m sure you can see where I’m going with this.

When you watch a skit (again, on the new site I’m working on), if your browser supports localStorage, it’ll record that you’ve watched it.  Since it’s stored in your browser, there’s no need for querying the database.  Then, when listing out the skit icons, ones that have been viewed get a “watched” class.  Any CSS I want can be applied to that.

This is nothing that couldn’t be accomplished by a variety of other means, but it is nice to have such a remarkably simple way of doing it.  I haven’t decided if I’m going to put in a way to do it with cookies, which have more limitations.

This paragraph in an Ars article made me snort:

First the C guys can’t imagine writing in assembly anymore, but C++’s vtable dispatch is still just too slow to consider. Then the C++ guys look back with chagrin at the bad-old-days of rolling their own half-assed object systems in C, but Java is dismissed as a ridiculous pig. Still later, the Java guys sneer at pointers and manual memory management, but JavaScript is ridiculed as a toy “scripting” language for validating web forms. And on and on.

It’s true.

Ads drive me nuts.

Not for the reasons it drive some people nuts — as long as they’re not intrusive, I don’t mind. I don’t regularly use AdBlock, though I do use ClickToFlash in Safari for various reasons. I don’t even think that Flash ads, per se, are a problem.

I see two basic problems:

1. document.write()
2. Invalid markup

document.write()

I hate document.write(). I’m pretty sure that I am That Guy At Work Who Hates document.write() With Unreasonable And Embarrassing Passionâ„¢, but it really does limit your options and it contributes to poor page load and rendering times.

Amazingly, a quick search of my past entries here turned up very little about my disdain for document.write(), so I’ll briefly summarize the problem.

Web browsers don’t handle external scripts very well. Because of things like document.write(), the browser actually has to pause the rendering of the page. Unfortunately, if the script is long-running or the server it’s on is slow or non-responsive, this can significantly increase the apparent page load time. Several mildly misbehaving external scripts on a page can have a dramatic cumulative effect. I set up an example of this while back to demonstrate this.

This is how most ads are delivered to a page. So a single ad placed anywhere before any important content on a page can block the display of that page until the ad is displayed.

There are ways around this. One way would be to have a external javascript file called early in the page. Then ad positions on the page wouldn’t be additional external script tags — they would be calls to a function or functions in that main javascript file (I believe Google Adsense allows for something like this method, at least in some circumstances). You could even get away with document.write() in this case, though that wouldn’t be eliminating problem #2. More on that in a moment. But there is still a basic problem here — we’re down to one external script, but if its host server is unresponsive, the display of all or most of the page will be held up until it resolves or times out.

Another way would be to dynamically create script tags and append them to the document’s head. These tags would point to the external scripts. But because they’re inserted this way, the browser doesn’t have to hold up the page rendering. YUI’s Get.script() does exactly this with some handy features thrown in as well. The big problem here is that document.write() is not compatible with this method. Unfortunately, 100% of ads out there are written out with document.write() by ad servers, regardless of whether they were written that way.

I’ve tried overriding document.write(). Last I checked, it actually works in Firefox:


(function(){
var els = document.getElementsByTagName('*'),
el = els[els.length - 1];
adURL = 'http://ad-server.com/blah';
document.write = function(str) {
if (typeof str != 'undefined') {
var newEl = document.createElement('span');
newEl.innerHTML = str;
var nodes = newEl.childNodes;
while (nodes.length) {
el.parentNode.appendChild(nodes[0]);
}
}
}
YAHOO.util.Get.script(adURL, {
onSuccess: function(){document.write = dwrite;}
});
})();


Guess how that pans out in IE?

(Yes, there are some flaws in the above code, but it was proof-of concept.)

And no, the defer attribute does not work when using document.write() and should be avoided anyway.

Invalid Markup

This problem is actually a consequence of problem #1. document.write() allows you to just toss arbitrary text and markup onto the page. There’s nothing to stop you from slapping this onto an otherwise nice page:


document.write('<div>Tacos</div>');


This can utterly destroy a page’s layout. All it takes is one bad ad to toss in one unmatched tag and a page’s layout will look like it got punched in the face and set on fire. The same thing could happen using innerHTML. However, using DOM methods avoids this problem:


var div = document.createElement('div');
adSpan.appendChild(div);
div.appendChild(document.createTextNode('Tacos'));


Yes, that appears to be more work. If your gripe with this solution is that you have to type more, please allow me to do to your face what a stray closing div can do to a page.

Mistakes can be made when doing it this way, but it eliminates an entire category of error that can sometimes be fairly difficult to track down. Even if you made 100% sure that your ad doesn’t output invalid html, all it takes is one person in the chain to do a bad copy & paste job to hose it up. It happens. It costs money and wastes time. It also makes me want to make the streets run red with the blood of my enemies.

Iframes, sadly, are not a solution to this problem. While it would contain the bad markup, they make certain type of ads hard or impossible to do. There is also a very long-standing Firefox bug in which iframes magically swap contents with each other.

What Can Be Done?

So where can we go from here? I wish I knew. I don’t think it’s realistic to expect that everyone writing ads out there change the way they write them. Maybe someone with Google’s clout could do this, but I can’t imagine that that would end well even for Google.

To make matters worse, whether the ad author avoids document.write() or not is actually irrelevant at this point because ad servers like DoubleClick actually take your ad code and document.write() it — leading to the silly (but common):


document.write('<noscript>Blah blah blah</noscript>');


Overriding document.write() would be a good intermediate step if it worked in IE, but it doesn’t.

This really is a serious problem. I can’t imagine how much potential revenue is lost to slow rendering pages as a result of ads which were supposed to generate revenue in the first place, not to mention the actual money spent on tracking down bad ads that are hosing up a page’s layout.