YUI
Blog

Blog

YUI Weekly for November 16th, 2012

By Derek GathrightNovember 16th, 2012

Thanks to everyone for coming out to YUIConf 2012! I think I speak for everyone on the team by saying we all had an incredibly fun time. It was great to see old faces again, and also to meet new community members as well.

Since there was too much happening at this year’s event to all recap in one YUI Weekly post, over the coming weeks you’ll see more details on this blog covering topics such as the YUI Contributor Model, more details on the new Gallery submission process, announcements for new tools, and lots more. We’ll also be releasing videos of the talks to the YUILibrary YouTube channel beginning next week. So stay tuned!

Thanks again for helping make YUIConf a great event, and safe travels to all those heading home.

Posted in: YUI Weekly | 1 Comment »

Win 8 Hangout Video Available on Youtube Channel

By Andrew WooldridgeNovember 12th, 2012

YUI team member Tilo Mitra is speaking at YUIConf 2012 about Windows 8. You can get a preview of some of the content of this talk by checking out our recently published YouTube video of the YUI Hangout we did as well as his excellent blog post.

Tilo is one of the many awesome speakers at YUIConf 2012 this year. It’s not too late to register – sign up here and join us Wednesday and Thursday for YUIConf!

Posted in: Development | Place a Comment »

YUI Weekly for November 9th, 2012

By Derek GathrightNovember 9th, 2012

Welcome to YUI Weekly, the weekly roundup of news and announcements from the YUI team and community. If you have any interesting demos or links you’d like to share, leave a comment below or email contributions to weekly at yuilibrary.com.

6 days until YUIConf 2012! Check out our amazing lineup of speakers and register today!
This week saw the release of YUI 3.8.0pr1, the first preview release of the YUI’s 3.8 branch. Updates and additions to 3.8 include; Y.Template, Y.Color, Y.AttributeObservable, Y.BaseObservable, ScrollView enhancements, and more! You can read all about it in the release announcement.
Y.Color has 3 new demos that are now available to begin experimenting with, including RGB Slider, HSL Color Picker, and HSL Harmony. Fun!
Yeti just landed support for using multiple instances of the same browser to speed up browser testing. The feature is available for those installing in-development snapshots of Yeti. A release is coming soon, so watch the Yeti blog for updates coming before next week’s YUIConf.
Version bumps this week for the following YUI devtools: yuidoc and yuitest-coverage. Upgrade with npm install -g yuidocjs yuitest-coverage. YUIDoc now has a doc linting feature, yuidoc --lint.
New in the Gallery this week is busy, an easy way to create “busy” overlays (example). Updated Gallery modules include slidecheckbox, twitter-widget, textarea-expander, itsadialogbox, and zui-rascroll.
Reads of the week:
Tweets of the week:

YUIConf 2012 Schedule Update yuiblog.com/blog/2012/11/0…

— YUI Library (@yuilibrary) November 9, 2012

“Douglas Crockford will be giving a special evening keynote entitled Monads & Gonads.”… I’m there. #YUIConf yuiblog.com/blog/2012/11/0…

— Pat Cavit (@tivac) November 9, 2012

I’m attending YUIConf 2012, and you should to… lanyrd.com/2012/yuiconf/ #yuiconf @yahoosports is hiring, come find me at the event

— mrjonah (@mrjonah) November 9, 2012

#YUI makes it easier to build native #Windows8 applications. This article shows you how to build an app. yuiblog.com/blog/2012/11/0… @yuilibrary

— ted_drake (@ted_drake) November 6, 2012

Posted in: YUI Weekly | Place a Comment »

YUIConf 2012 Schedule Update

By Andrew WooldridgeNovember 9th, 2012

We can’t wait to see you at YUIConf 2012 next week! We want to update you on a few changes to the schedule so you can plan accordingly:

Ryan Cannon is giving a talk entitled “Using YUI to Tackle Video” on Wednesday, November 14 at 3pm.
We are adding a security talk entitled: “Security Testing of YUI Powered Applications” on Thursday, November 15 at 3pm featuring Dmitry Savintsev and Albert Yu.
We are sad to report that Nicholas Zakas will not be able to present this year at YUIConf due to a schedule conflict.
Douglas Crockford will be giving a special evening keynote entitled Monads & Gonads.

It’s not too late to register! Seats are going fast, but you still have time to sign up today and be the first to hear about the latest happenings at YUI as well as networking with your friends in the YUI community.

Posted in: YUI Events | Place a Comment »

YUI 3.8.0pr1 – Template and Color Utilities

By Eric FerraiuoloNovember 7th, 2012

YUI 3.8.0pr1 is now available to the developer community for feedback and testing on the Yahoo! CDN (and as a download), on npm, and our Staging website has the updated documentation.

The current development sprint ends this Friday, at which time we’ll be feature complete on the next YUI release. We are on track for this next stable release to be 3.8.0, and the release is scheduled for December 4, 2012.

Introducing Template and Template.Micro Utilities

Ryan Grove has contributed new templating utilities to YUI. Y.Template is a class which provides a generic template engine API, and Y.Template.Micro, a static class which provides a simple micro-templating engine. Y.Template can be used to compile, precompile, render, and revive precompiled templates using Handlebars or Y.Template.Micro.

Ryan describes why there was a need for these templating utilities:

“While working on a new widget recently, I found myself wanting a string-based templating solution that was more advanced than Y.Lang.sub() or Y.substitute(), but without the overhead of Y.Handlebars. I needed support for interpolation, if/else branching, and looping, but only for a few very small templates. Underscore-style templates (more familiar as ERB-style templates to Rubyists) seemed like exactly the right fit.”

Y.Template.Micro is a string-based micro-templating language similar to ERB and Underscore templates. Template.Micro is great for small, powerful templates, and its compilation engine is extremely fast with a small footprint.

Compared with the features of Handlebars, Template.Micro is much simpler. Using the generic engine API provided by Y.Template, Micro and Handlebars templates can be used interchangeably. This gives you a powerful way to customize a component’s Handlebars templates by overriding them with Micro templates, and not incur the cost of loading the handlebars-compiler module (which is 9KB minified and gzipped).

Introducing Color Utilities

Color utilities have been available in YUI for quite some time, but they were hidden in a DOM helper submodule which was never publicly documented. We are changing this today by exposing the new Y.Color utility!

Y.Color provides methods which enable conversion between hexadecimal, RGB, HSL, and HSV color models. HSL and HSV conversion methods are provided by submodules, this way you only have to load the modules you need.

We created the Color utilities to be extensible. New color models can be defined by providing a RegEx for matching, a string template, and any conversion methods.

An exciting feature of the Color utilities is the support for color theory, which is provided by the color-harmony module. These features enable you to match one color to another color’s perceived brightness, get similar colors to one that’s supplied within a certain range, find complementary colors, etc. We have some great examples showing off these new color utilities, be sure to check them out!

Having a robust color utilities will allow us (the YUI community included) to create new modules and features such as a color picker widget. Taking it a step further, we’ll be able to use these color utilities to greatly improve YUI skinning. Stay tuned for more on that soon :)

Attribute and Base Observability Refactoring

Back in YUI 3.5.0, the features of Y.Attribute were extracted-out into smaller sub-components, each with a single reasonability: Y.AttributeCore, Y.AttributeEvents, Y.AttributeExtras. Y.Attribute was then redefined using these parts. At that time we also did a similar refactoring of Y.Base and extracted Y.BaseCore, a base class sans events.

Today we are codifying the concept of “observability” at the Attribute and Base levels. Instead of using the description “has events”, we’re now referring to a components qualities, i.e., “is observable”. This distinction is a better match for how Y.AttributeObservable (formerly Y.AttributeEvents), and the new Y.BaseObservable class extension are used and applied.

Certain components in your app will benefit from the ability to have their lifecycles and attribute changes observed to other parts of the system, but other components will incur an unnecessary overhead and don’t require these abilities.

This refactoring combined with updates to Y.Base.create/mix() which allow it to be used with Y.BaseCore (and BaseCore subclasses), means that observability can be added to class at any time by mixing in the new Y.BaseObservable extension.

Stay tuned for continued work on Attribute and Base performance in the next major YUI release after 3.8.0.

ScrollView Enhancements

ScrollView has received minor enhancements for this preview release, including fixes for a couple pagination bugs. This returns the pagination features back to the pre–3.7.0 behavior, which requires a distance threshold of at least 50% to trigger moving to the next “page”.

A special thanks to Juan Dopazo for contributing a fix for ScrollViewPaginator’s scrollToIndex() method, which now properly respects animation duration and easing options.

Happy Testing!

For a complete list of changes in 3.8.0pr1, please refer to the change history rollup for this release.

We rely on your feedback from testing these preview releases in your real world apps to give us the final vote of confidence in the stability of the code, beyond what our automated and manual testing provides. If you find a bug, or want to suggest an enhancement, please don’t hesitate to file a ticket. Thanks, and happy testing!

Posted in: Releases | 2 Comments »

Managing your JavaScript Modules with YUI 3 Stockpile

By John LindalNovember 6th, 2012

The YUI Loader has revolutionized the management of JavaScript, and the Gallery has made it easy to distribute and use open source modules. However, I have always been concerned about the restriction to a single gallery version in the YUI configuration. If one must upgrade to a new gallery version to get a feature in module A, that will force upgrading to newer versions of all the other gallery modules. What if one of those new versions has a bug? Ideally, one should be able to specify a fixed version for each module so they can be upgraded separately.

Thus, eight months ago I began work on YUI 3 Stockpile, a NodeJS combo handler which supports versioning. The name stockpile was chosen because it’s a synonym of gallery, but without the glamorous connotation. Since the Gallery contains all the open source modules, Stockpile is intended for managing collections of modules internal to an organization. Separate teams working at different speeds upload new versions whenever they are ready, and consumers upgrade to new versions when they have the time to do thorough testing.

Unfortunately, one side effect of having to specify a version for every module is that the list of versions can get quite long for complex modules that have many dependencies. In order to lessen this annoyance, YUI 3 Stockpile supports bundles of modules. The entire bundle is assumed to be released as a unit, just like the YUI core libraries, and thus a single version number applies to all the modules in a bundle. In addition to simplifying the configuration, bundling modules allows Stockpile to optimize its response to the YUI Loader, returning not only the requested modules but all the required dependencies within the bundle. This reduces the total number of requests made by YUI Loader, so use(...) can execute sooner.

Speaking of dependencies, I have seen various ways of defining the required version(s) of a dependency. In my opinion, none of these solutions were successful, because they were all painful to use and inevitably required hacks when I needed to use versions of modules which were not declared to be compatible. Stockpile therefore does not even try to tell you which versions are compatible. Module maintainers can indicate this information in the version notes, but it is ultimately up to the consumer to choose a version of each module and test the result thoroughly.

Combo Handler

The core of Stockpile is the combo handler which responds to requests from YUI Loader. It is configured with a document root from which to serve JavaScript, CSS, and other assets. An MRU cache can be configured so the most common requests are served directly from memory instead of having to be read from disk every time. (A charting UI is planned, to help tune this cache.) Clustering is also supported, so the combo handler can use all the available cores. Unfortunately, since NodeJS clustering makes it very difficult to share state between the processes, the cache is local to each process. It is therefore advisable to use a separate cache on top of the combo handler if you want to use clustering. (See below for further discussion about caching.)

Management Interface

Stockpile provides a command-line interface for uploading modules to the combo handler’s document root. This makes it easy to automatically upload a new version after a successful CI build. The command-line tools are written in Perl because it is ubiquitous.

The server that handles upload requests also provides a web interface for browsing the module repository. For each module or bundle, it displays version notes, the code required to configure the version in YUI Loader, and the source code.

Development Mode

It would be very annoying if one had to upload a new version to Stockpile in order to test it. To enable rapid iteration, a separate dev combo handler can be layered on top of the normal combo handler. The dev version is configured to recognize the module names that are under development and return local files. All other modules names are retrieved from the normal combo handler. The local and remote results are then stitched together and returned to YUI Loader.

Caching

As mentioned above, clustering and caching are incompatible. To get the highest throughput, clustering should be enabled in Stockpile, and caching should be layered on top. In order to support CDN’s like CloudFlare which ignore query args, Stockpile accepts a custom format to make the request look like a normal URL: /combo~a~b~c

To use this format, simply configure the group for YUI Loader as follows:

comboBase: "http://host:port/combo~",
comboSep:  "~"

Conclusion

While Stockpile is probably overkill for individuals and small projects, my hope is that larger organizations will find it to be useful when managing multiple applications built using YUI.

Stockpile is available under the BSD License. All the details about how to configure and use it are available on github.

About the author: John Lindal (@jafl5272 on Twitter) regularly contributes to the YUI 3 Gallery.

Tagged as: gallery jafl loader module stockpile YUI 3

Posted in: Development | 1 Comment »

Post Mortem: SWF Vulnerability in YUI 2

By Jenny DonnellyNovember 5th, 2012

The YUI team has discovered a security-related defect in certain self-hosted YUI 2 .swf files. This defect allows JavaScript injection exploits to be created against domains that host these affected .swf files, whether or not the .swf files are embedded in your application. Visit the security bulletin for full details about how to identify and replace the affected files.

If your site hosts a YUI 2 distribution between version 2.4.0 and 2.9.0 that includes these files, it is affected by this vulnerability.

If your site loads YUI 2 from Yahoo’s CDN (yui.yahooapis.com) or from Google’s CDN (ajax.googleapis.com), and the files are not hosted on your own domain, you are not affected. YUI 3 is not affected by this issue.

See the security bulletin for information about how to determine whether your site is affected, how to remedy the problem, and how to verify the fix.