YUI 2.5.1 Released: Improved AIR support, JSON security patch, YUI Configurator, and bug fixes

By YUI TeamMarch 19, 2008

The YUI team released version 2.5.1 today and it's available for download from SourceForge. This is a general patch release with 67 issues addressed throughout the library. 2.5.1 improves support for developers running YUI in Adobe's AIR environment and addresses an important security issue raised over the weekend regarding JSON parsing in FireFox. Here are all the top-level items for 2.5.1:

  • Improved AIR support: As we've mentioned here previously, YUI generally runs well in Adobe AIR because AIR implements WebKit — and WebKit also drives one of our A-Grade browsers. Adobe has been actively reaching out to us (and to other library developers) to identify potential wrinkles, and we've addressed several of these in YUI 2.5.1. Specifically, the Rich Text Editor and DataSource components have improved AIR compatibility.
  • JSON parsing in FireFox: Douglas Crockford reported a security vulnerability in his JSON-parsing code from json.org this weekend. The vulnerability allowed the JSON parser to be duped into thinking that an unquoted string was quoted; this could result in unsafe scripts being evaled. Douglas's fix for this is now incorporated in the YUI JSON Utility.
  • DataTable refinements: Jenny Han Donnelly and Luke Smith continue to roll in the upgrades to DataTable, with 2.5.1 including a significant performance improvement when adding/updating/deleting rows dynamically.
  • YUI Configurator: We've added a YUI Configurator to the YUI web site, providing a dashboard-style component-selection interface. You pick out the components you want to use, and the Configurator will compute the correct set of file includes for your implementation. The YUI Configurator.
  • New aggregate file — yuiloader-dom-event.js: We've added a new rollup file, yuiloader-dom-event.js, which contains the light YUI Core (Yahoo Global Object, Dom Collection, and Event Utility) and adds to it the YUI Loader (which includes the Get Utility for dynamically adding script and CSS resources). This new aggregate file is the ideal baseline rollup to use when you want to be able to lazy-load any part of YUI on-demand. YUI Loader will calculate the dependency tree for the components you want to add, load the optimized resource list in the correct order, then fire your callback making use of the newly added components:
    <!--Load then new yuiloader-dom-event aggregate file:-->
    <script type="text/javascript" 
     src="http://yui.yahooapis.com/2.5.1/build/yuiloader-dom-event/yuiloader-dom-event.js" >
    <!--Now, when you want to use a new component, you can just do this:-->
    <script type="text/javascript">
      // Instantiate and configure Loader:
      var loader = new YAHOO.util.YUILoader({
        // Identify the components you want to load.  Loader will automatically
        // identify any additional dependencies required for the specified 
        // components.
        require: ["button", "slider"],
        // Configure loader to pull in optional dependencies.  For example, 
        // animation is an optional dependency for slider.
        loadOptional: true,
        // The function to call when all script/css resources have been loaded
        onSuccess: function() {
          //this is your callback function; you can use
          //this space to call all of your instantiation
          //logic for the components you just loaded.
          //so, you can implement button safely here:
          var oButton = new YAHOO.widget.Button("mybutton");
      // Load the files onto the page:
    For full details on using the YUI Loader, see its User's Guide. Note: YUI Loader is now included in the utilities.js aggregate as well.
  • Bug fixes: YUI 2.5.1 is primarily a bug-fix release, and you'll find fixes to various issues throughout the library. For a compendium of the issues we've addressed, please see Georgiann Puckett's release summary in the YUI discussion forum.