Content

Aug 30

View Source Tutorial: Content Site Using HTML5 Canvas + CSS3

Via Phil Franks comes an interesting HTML5/CSS3 site for There Studio, which is a kind of coworking space in London:

The site itself has a number of circles with information bouncing on the screen that respond to mouse clicks and moves.

Let’s crack the site open using View Source and see how they are doing things. First, they have a repeated background with a little plus symbol with the following style rule on the <body> tag:

PLAIN TEXT

CSS:

background: #ddd url(‘../images/bg.gif’) 50% 0 repeat fixed;

The textual content in each of the circles is clean semantic HTML that is search engine friendly:

PLAIN TEXT

HTML:

<div class=“section who first”>
<h3>Who</h3>
<p>Creatives, makers, thinkers <span class=“ampersand”>&</span> doers</p>
</div>

To turn that into this:

The <h3> is first transformed into having an underline with the padding and margin being on the bottom:

PLAIN TEXT

CSS:

h3 {
border-bottom: 1px solid #ccc;
display: block;
font-size: 25px;
font-weight: normal;
padding: 0 0 10px;
margin: 0 0 8px;
}

JavaScript creates the circle. The script tags themselves are at the end of the HTML page at the bottom of the <body> tag, a good performance practice in general.

The heart of drawing each circle is in the createBall and createContentBall methods. If a ball will have HTML content, then the createContentBall method is used, otherwise the createBall method is used. Let’s look at the createContentBall method; we’ll break it down:

PLAIN TEXT

JAVASCRIPT:

First, we create an absolutely positioned DIV that will house our Canvas tag:

PLAIN TEXT

JAVASCRIPT:

var element = document.createElement( ‘div’ );
element.className = className;
element.width = element.height = size;
element.style.position = ‘absolute’;
element.style.left = -size + ‘px’;
element.style.top = -size + ‘px’;
element.style.cursor = “default”;
canvas.appendChild(element);
elements.push( element );

Then we draw the actual circle itself using the Canvas tag and append it to our container DIV (Note that an SVG circle created programmatically could have also been used here):

PLAIN TEXT

JAVASCRIPT:

var circle = document.createElement( ‘canvas’ );
circle.width = size;
circle.height = size;
if (className !==‘image’ && className !==‘image first’) {
var graphics = circle.getContext( ’2d’ );
graphics.fillStyle = color;
graphics.beginPath();
graphics.arc( size * .5, size * .5, size * .5, 0, PI2, true );
graphics.closePath();
graphics.fill();
}
element.appendChild( circle );

Then we create another DIV to house the HTML content itself:

PLAIN TEXT

JAVASCRIPT:

content = document.createElement( ‘div’ );
content.className = “content”;
content.onSelectStart = null;
content.innerHTML = html;
element.appendChild(content);
if (className !==‘image’ && className !==‘image first’ ) {
content.style.width = (size – contentPadding*2) + ‘px’;
content.style.left = (((size – content.clientWidth) / 2)) +‘px’;
content.style.top = ((size – content.clientHeight) / 2) +‘px’;
}

Notice that we are setting content.onSelectStart to null above; this is so that when you run the mouse button over the text it doesn’t select (An alternative way to do this is to use the HTML pointer-events CSS property).

Next comes code to deal with the physics of the circles, which uses Box2D.js, a JavaScript physics engine ported from Flash:

PLAIN TEXT

JAVASCRIPT:

var b2body = new b2BodyDef();
var circle = new b2CircleDef();
circle.radius = size / 2;
circle.density = ballDensity;
circle.friction = ballFriction;
circle.restitution = ballRestitution;
b2body.AddShape(circle);
b2body.userData = {element: element};
b2body.position.Set( Math.random() * stage[2], Math.random() * (stage[3]-size) + size/2);
b2body.linearVelocity.Set( Math.random() * 200, Math.random() * 200 );
bodies.push( world.CreateBody(b2body) );

Basically, we define a circle, give it a radius, density, friction, and restitution, and then add it to our collection of shapes with a position and linear velocity. Box2D will then handle the physics and we can just take the values back out to draw things on the screen with a setInterval, which happens in the loop method:

PLAIN TEXT

JAVASCRIPT:

This method gets called with a setInterval periodically. Basically, we apply a delta and a gravity at each time step; see if the mouse is being pressed down (with hooks for touch devices like the iPhone to see if a finger is being pressed down); tell the Box2D World about our gravity and delta and to make an iteration step; and finally use the computed physics values from Box2D to apply CSS3 rotation transforms on our parent DIV and move the element’s CSS top and left values around the screen.

Jun 18

Inline content assist for text fields and areas

Ajax No Comments »

Sergey Chikuyonok has created a really nice, easy to use, and good looking content assist library for input text fields and text areas:

It calculates precise position of characters in or</p> <input /> tag and places completion proposals popup under it. You can explicitly call popup window to assist/replace word (depends on caret position) with Ctrl+Space (buggy in Firefox and Opera) or Alt+Space (buggy in Opera). The project is based on Eclipse IDE’s content assist architecture, it has some common class names and methods. The default implementation works with fixed words vocabulary, but developers can easily modify or extend some classes to match their needs.<br />

The API is easy to use. For example:

PLAIN TEXT

JAVASCRIPT:

var words = ‘after,any,also,around,another,ask,again,air,away,animal,answer,america,awesome,amazing’.split(‘,’);
new BasicContentAssist(document.getElementById(‘input’), words, {visible_items: 5});

Tagged with: areas • assist • Content • fields • Inline • text

May 25

TabNabbing: Phishing By Switching Background Tab Content

Ajax No Comments »

Aza Raskin identifies yet another form of phishing attack. Tabnabbing is the process of replacing the entire contents of a page while it’s in a background tab. Want to see it in action? Just visit Aza’s article, switch to another tab for 5 seconds and see what happens. Nice clean demo, and as scary as it is simple.

There’s no reload because it’s possible to change favicon, title, and page contents via Javascript. Reading through the comments, the attack seems to work most consistently and potently in Firefox, with other browsers being a mixed bag based on how they handle dynamic favicons and the focus event.

The steps in detail:

A user navigates to your normal looking site.

You detect when the page has lost its focus and hasn’t been interacted with for a while.

Replace the favicon with the Gmail favicon, the title with “Gmail: Email from Google”, and the page with a Gmail login look-a-like. This can all be done with just a little bit of Javascript that takes place instantly.

As the user scans their many open tabs, the favicon and title act as a strong visual cue—memory is malleable and moldable and the user will most likely simply think they left a Gmail tab open. When they click back to the fake Gmail tab, they’ll see the standard Gmail login page, assume they’ve been logged out, and provide their credentials to log in. The attack preys on the perceived immutability of tabs.

After the user has entered their login information and you’ve sent it back to your server, you redirect them to Gmail. Because they were never logged out in the first place, it will appear as if the login was successful.

Aza also notes the attack could get a lot more potent if they (a) used the CSS history exploit to discover which sites the user has visited; (b) employed certain other techniques, like timing attacks, to determine which services a user is currently logged into.