Category Archives: Javascript

Summer Project: Firefox Plugin to Override Window.Alert

When I don’t have work to do, I get antsy.

And right now, I’ve got no work to do.

So I’ve come up with a project for myself:  remember how I created a Firefox Plugin a few months back?  I’d like to make another one – but this one will actually serve a useful purpose.

Have you ever been to a page that suddenly started spewing window.alert boxes at you?

If you haven’t, open up Firebug, and paste this into the console:

for(i = 0; i < 10; ++i){ alert(i); }

Now imagine if, instead of 10 alert boxes, it spewed hundreds…or thousands…or, god forbid, it used a while(true) loop and threw infinity alert boxes at you.

It totally cripples Firefox. It’s a super simple browser DoS attack.

Mozilla knows this, but so far, there is no solution except for killing the Firefox process, or disabling Javascript, either manually or with NoScript (a plugin that I highly recommend).

Google Chrome has solved this problem by providing a checkbox on alert dialogs that allows a user to disable future popups from the current site.

Cool.  I want Firefox to have the same feature.

So, this summer, I’m going to try to build a Firefox Plugin that will override the standard window.alert function with one that provides a checkbox, letting the user disable future alerts.

I don’t even know if this is possible, but I’m looking into it.

I’ll blog my research and progress as I go along, and share my code / final plugin when it’s all finished (or when I abandon it…hey, it happens).

So stay tuned.
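The override idea described above, sketched as an added example (not code from the planned plugin): alert is wrapped so that after a few dialogs the user is offered an opt-out, and later calls are dropped. The names installAlertGuard, promptAfter and makeFakeWindow are assumptions, confirm() stands in for the checkbox, and the fake window is constructed so the sketch runs outside a browser.

```javascript
// Added example: wrap a window-like object's alert() so the user can mute it.
// installAlertGuard and promptAfter are hypothetical names for this sketch;
// confirm() stands in for the "disable future alerts" checkbox.
function installAlertGuard(win, promptAfter = 3) {
  const nativeAlert = win.alert.bind(win);
  const nativeConfirm = win.confirm.bind(win);
  const state = { shown: 0, suppressed: 0, muted: false };

  win.alert = function guardedAlert(message) {
    if (state.muted) {
      state.suppressed += 1;        // drop the dialog, but keep a count
      return;
    }
    nativeAlert(message);
    state.shown += 1;
    // After every `promptAfter` dialogs, offer the opt-out.
    if (state.shown % promptAfter === 0) {
      state.muted = nativeConfirm(
        "This page has shown " + state.shown +
        " alerts. Prevent it from showing more?");
    }
  };
  return state;
}

// Constructed stand-in for a browser window, so this runs under Node.
function makeFakeWindow(userMutes) {
  const log = [];
  return {
    log,
    alert(msg) { log.push(String(msg)); },
    confirm() { return userMutes; },   // the user's answer to the opt-out
  };
}

// Runs the alert loop from the post against a guarded fake window.
function demo(userMutes, count) {
  const win = makeFakeWindow(userMutes);
  const state = installAlertGuard(win);
  for (let i = 0; i < count; ++i) { win.alert(i); }
  return { dialogs: win.log.length, suppressed: state.suppressed };
}

console.log(demo(true, 10));   // user opts out after the third dialog
console.log(demo(false, 10));  // user never opts out
```

A wrapper installed in page scope can be replaced by the page's own scripts, so the control belongs in browser or extension code that page scripts cannot reach.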

My Web App in the News

ANOTHER UPDATE: Whoops.  Fixed the links to the auction and the St. Catharines Standard article.

UPDATE: Apparently, the Feds are getting in on the online auction circuit too.

Over the past three summers, I’ve been employed by the District School Board of Niagara as an internal web application developer.

One of my first jobs in the summer of 2006 was to rebuild the online auction application that the DSBN Purchasing department ran.  The original auction let the Board dispose of old equipment quickly and easily, and was quite popular.  Unfortunately, it was also written in (almost) unintelligible/unmaintainable Perl.

So I rewrote it by myself, and learned PHP/MSSQL along the way.  We called this new auction site The Government Surplus Online Auction, and we opened it up so that other government agencies could also post items for auction.

Things went along fine until last summer, when the site got attacked by an SQL Injection bot.  Back in 2006, I had no idea what SQL injection was, or how to guard myself.

So there I am – I’ve just come back from a camping trip, my inbox is packed with complaints, and I’ve got three weeks until school begins.  Crap.

Luckily, I had plenty of tools at my disposal.  My web app development skills and practices had evolved dramatically since 2006, and I had been itching to reimplement the auction anyhow.  The SQL Injection attack was a perfect excuse for me to gut the entire application, and rebuild from scratch.

And I did.  I rebuilt the whole thing from the ground up in three weeks.  It’s been almost a year since it was deployed, and I’m still very happy with its performance, and the code that runs it.

I’m not happy with its overall UI design.  I think there are plenty of improvements to be made in that regard.  Luckily, it’s coded using a light MVC framework that I designed/built myself, so reskinning shouldn’t be too hard for whoever decides to work on it…

Apparently, I’m not the only one happy with the auction site.  Check out this article (now without annoying print dialog).

I just checked the logs today – we hit a new record: an aerial truck went for $22,000.  With the Board receiving 5% ($1100) of that simply for hosting, I think everybody is walking away happy.

Here’s the auction.

Proof that I wrote it?  This’ll have to do.

Starcraft…implemented in Javascript.

Last night, I had a dream.

In it, I was breaking into a house.  In the house was a TV and a computer.  On the TV was Mario64, and on the computer, Starcraft.

Somehow, in my dream, I knew that both had been re-implemented in Javascript.  I was blown away.

When I woke up, I posted a little blurb about this dream on Twitter.  Paul Gries responded with this link:  Javascript Starcraft.

Dreams.  They can come true.  Except sometimes, you need Internet Explorer to run them.

OLM: What is it?

I’ve mentioned the OLM project a few times, and more than once, I’ve been asked:  “What is this OLM thing you keep talking about?”

So that’s what this post is for:  to provide a plain-English explanation of what OLM actually is/does.

Note: I can’t guarantee that the history of OLM is entirely accurate – I’m assembling this from hearsay, and personal accounts.  If there are any corrections to be made to this post, please comment or email me.

Part 1:  How it Used to Be

Computer Science students, at one point or another, have to write computer programs for their assignments.  These programs are written in a myriad of languages (Java, Python, C, the list goes on…), and have to be marked by teaching assistants.

Originally, after students submitted their completed programs, the TAs would print off the source code and write on the printouts to give feedback on how the code was written.  They would also use a rubric to grade the overall assignment based on predetermined criteria – which isn’t at all unusual in grading student work.

That’s how it used to be.

Part 2: The Birth of OLM

One day, the Computer Science Department at UofT decided that they wanted to write a web application for instructors to manage assignments, and to receive student submitted code.  They also wanted TAs to be able to log in, and mark the code, almost as if they were doing it on paper.

So OLM (On-Line Marking) was born.  It was written in a web framework called TurboGears by a group of undergraduate students.

And it wasn’t bad.  It’s still used in the department to this day.

Part 3:  OLM is Reborn as…Checkmark…or OLM…or something

The original OLM has a few deficiencies.  The instructors who actually use it could probably rattle off plenty of stories about how the client-side of the interface sometimes doesn’t entirely agree with the server, or about little glitches that require diving into the database to fix.

Plus, the code-base is kind of a hodge-podge.  Not easy to extend, not easy to maintain…the framework that OLM was written on was no longer the “hot framework”, and there was little in the way of support.  Something needed to be done.

So it was decided that OLM would be recreated from the ground up, and would be an evolution based on the lessons learned from the original implementation.  It was going to be rebuilt in Ruby on Rails, and it was going to be awesome.

It was also going to be renamed.  The name “Checkmark” has been bounced around, but should really be considered more of a code-name.  The project is still referred to as OLM, or Checkmark.

(Just came up with a name idea:  MarkUs.  Note to self:  send name idea to supervisor…)

Part 4:  As it Stands

The new implementation of OLM is actually in pretty decent shape.  There are plenty of bug-fixes and unimplemented features, but a lot of the hardest stuff seems to be over – at least, in terms of matching the feature list of the original OLM.

And that’s important, because our supervisor wants this thing polished, tested, and deployed for the Fall term – and it’s got to at least match the original feature set of OLM, if not exceed it.

Part 5:  Want to See It?

If you want to see this thing, you have three choices:

  1. Catch me in person, and ask to see it.  If I have my laptop, I’ll give you a demo.
  2. Get it from our Subversion repository, and get it running on your own machine.
  3. Enroll in a CS undergrad course in the Fall, and who knows…maybe you’ll end up using it.

Anyhow, if there are any OLM related questions, or even some name ideas, please don’t hesitate to post.