Archive for April, 2004

Easily work with Horizontal and Vertical content layouts

Monday, April 26th, 2004

Recently we ran into several situations where we needed to lay out content either vertically or horizontally based on data available at run-time. In an effort to keep the conditional processing to a minimum and accomplish this goal, Chafic and I came up with a technique where we store the current position as properties of an object, and based on orientation set two variables, changeTarget and changeSource, to determine how to change the position at each iteration without having to check the orientation inside the loop.

Since the conditional is outside the loop, this improves performance, reduces the amount of duplicated code, and improves reusability.

Here’s an example of this implementation that lays out a set of colored boxes both horizontally and vertically using the same layout code with only one conditional.

var data:Array = [0xFF0000, 0x00FF00, 0x0000FF];
var contentDepth:Number = 1;

function layoutContent(x:Number, y:Number, direction:String):Void {
   // Current position, stored as properties so it can be addressed by name
   var pos:Object = new Object();
   pos.x = x;
   pos.y = y;

   var changeTarget:String;
   var changeSource:String;

   // The only orientation check: pick which property advances and by what
   if (direction.substr(0, 1).toLowerCase() == "h") {
      changeTarget = "x";
      changeSource = "_width";
   } else {
      changeTarget = "y";
      changeSource = "_height";
   }

   var max:Number = data.length;
   var contentClip:MovieClip;

   for (var i:Number = 0; i

REMOTE_ADDR and REMOTE_HOST not safe for use in security

Tuesday, April 20th, 2004

There was some discussion today on CF-Talk about using CGI variables to secure an application and some confusion as to which CGI variables can be spoofed and if some are safe. Particularly there’s interest in blocking out specific IP addresses from accessing a web-application.

After some testing, I confirmed that even REMOTE_ADDR, the client’s IP address, and REMOTE_HOST, the client’s host name, can be spoofed very easily. ColdFusion can do this with the CFHTTP and CFHTTPPARAM tags and I’m sure other tools are available.

These spoofs worked with JRun’s built-in web server and through IIS. I’ve also spoofed REMOTE_HOST previously with an iPlanet installation to demonstrate poor security in a client’s application.

So if you’re thinking about using CGI variables to secure a site, you need to think again. If you need to secure by IP address, then do it at the router and not in application code.
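
Why an in-application IP check stands or falls with how the server fills the CGI scope, as an added Python model (not code from the original post, and not ColdFusion or JRun code). The post does not say how its spoof reached the variables; the `naive_env` mapping, in which a request header can overwrite a connection-derived value, is an assumed mechanism, and all names and addresses are constructed.

```python
import ipaddress

# Meta-variables a CGI server derives from the connection itself (RFC 3875).
SERVER_SET = {"REMOTE_ADDR", "REMOTE_HOST", "SERVER_NAME", "SERVER_PORT"}

def norm(name):
    return name.upper().replace("-", "_")

def naive_env(peer_addr, headers):
    """Assumed flawed mapping: header names are copied into the CGI scope
    unprefixed, so a client header can overwrite a connection-derived value."""
    env = {"REMOTE_ADDR": peer_addr, "REMOTE_HOST": peer_addr}
    for name, value in headers:
        env[norm(name)] = value
    return env

def strict_env(peer_addr, headers):
    """RFC 3875 mapping: request headers only ever appear as HTTP_*, and the
    connection-derived values are written last so nothing can replace them."""
    env = {"HTTP_" + norm(name): value for name, value in headers}
    env.update({"REMOTE_ADDR": peer_addr, "REMOTE_HOST": peer_addr})
    return env

def colliding_headers(headers):
    """Header names that imitate a server-set variable; worth logging."""
    return [name for name, _ in headers if norm(name) in SERVER_SET]

def is_blocked(env, blocked_networks):
    """Blocklist check on REMOTE_ADDR; an unparsable address fails closed."""
    try:
        addr = ipaddress.ip_address(env["REMOTE_ADDR"])
    except ValueError:
        return True
    return any(addr in ipaddress.ip_network(net) for net in blocked_networks)

# Constructed sample: the TCP peer is inside a blocked range, and the request
# carries a header named after the CGI variable (documentation addresses only).
BLOCKED = ["203.0.113.0/24"]
PEER = "203.0.113.7"
HEADERS = [("Host", "app.example"), ("Remote-Addr", "192.0.2.10")]

if __name__ == "__main__":
    print("naive blocked: ", is_blocked(naive_env(PEER, HEADERS), BLOCKED))
    print("strict blocked:", is_blocked(strict_env(PEER, HEADERS), BLOCKED))
    print("flag for logs: ", colliding_headers(HEADERS))
```

Application code cannot tell which of the two mappings the server in front of it uses, which is the practical argument for enforcing IP restrictions at the router.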

Search and read CFDJ archives for free

Monday, April 19th, 2004

I just stumbled upon this search engine I wasn’t aware of previously. LookSmart.com allows you to search the contents of magazine articles and displays the articles within the LookSmart site itself. ColdFusion Developer’s Journal is one of the available magazines.

You can search CFDJ archives and come up with interesting things like all my articles (includes articles where I’m mentioned). The same search on the CFDJ web-site turned up nothing, so LookSmart seems like a winner.

How to make auto-complete work in custom components in Flash MX 2004

Wednesday, April 14th, 2004

I just finished the custom actions portion of our BLDoc project and ran across Gregg Wygonik’s blog entry asking about code hints for custom components.

When you create your custom actions file, as long as you use the form id="[com.blinex.charts.AreaChart]" for your classes, you’ll get code hints on strongly typed variables. The id must be the fully qualified class name and must be enclosed inside square brackets. This provides code hints both for variables declared using the fully qualified name and when the class is imported.

To get the code hinting on the colon (the list of classes), you need to add a new folder to your custom actions that lists types. Here’s an example from our B-Line Charting Components 3.0, which will be released any day now.

<folder
   name="Types"
   id="Types"
   index="true"
   tiptext="Types that can be used for strong typing"
   helpid="0">

   <string
      name="AreaChart"
      tiptext="AreaChart type"
      text="AreaChart"
      helpurl="Help/BLineCharting30/content_72c6061a.htm" />

   <string
      name="BoxChart"
      tiptext="BoxChart type"
      text="BoxChart"
      helpurl="Help/BLineCharting30/content_23f3e2f8.htm" />

   <string
      name="BubbleChart"
      tiptext="BubbleChart type"
      text="BubbleChart"
      helpurl="Help/BLineCharting30/content_8497b033.htm" />
   .
   .
   .
</folder>

There is a big catch, though: the suffix-style code hints don’t support ids that have a period in them. If you’re going to set up suffixes you have to use an id such as id="comblinexchartsAreaChart", which of course breaks the typed hints.

So, component developers have to choose–do they want to support typed hints or suffixed hints?

Make empty elements with XSLT

Wednesday, April 14th, 2004

I’ve been working with a lot of XSLT recently related to our BLDoc project. In the case of one of the translations, I had a need to create a resulting document that used only empty XML elements, such as:

<element />

However, no matter what I did the XSLT always produced elements like this:

<element></element>

Technically, the above two are equivalent according to XML guidelines. However, there are two situations where one might prefer the first over the second: (1) it saves bandwidth in large documents, and (2) not all XML handling engines are really XML compliant.

In my case, I’m dealing with Flash MX 2004 help content, whose parser is not XML compliant. It throws errors when you have closing tags in the custom actions file.

A search of Google Groups turned up about a thousand responses as usual, most of which politely said “it doesn’t matter, they’re the same thing, and if the XML parser you’re working with thinks they’re different then it’s not a compliant parser.” Unfortunately, I’m stuck with the parser built into Flash MX 2004 which is non-compliant.

I finally came across one helpful post that suggested creating the elements as text instead of using real tags.

<xsl:text disable-output-escaping="yes">&lt;identifier text="</xsl:text><xsl:value-of select="@name" /><xsl:text disable-output-escaping="yes">" /&gt;</xsl:text>

Which worked great.

This helpful answer actually came from an official support address at Microsoft. Kudos to them for answering the question and holding off on the theoretical slander.

One caveat is that it’s real easy to create invalid XML documents when creating elements from text–you have to make sure they’re well formed and all content is entity encoded.
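
What that caveat looks like for the `identifier` element above, as an added Python model (not code from the original post). It assumes the XSLT serializer escapes the `xsl:value-of` result as a text node (`&`, `<`, `>` but not quotes), modelled here with `xml.sax.saxutils.escape`; the function names and the sample `@name` values are constructed.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

def text_built(name):
    """Models the post's technique: literal markup around a value that the
    serializer escapes as a text node (&, <, > only; quotes pass through)."""
    return '<identifier text="' + escape(name) + '" />'

def attr_safe(name):
    """Same output shape, but the value is escaped for a quoted attribute."""
    return '<identifier text="' + escape(name, {'"': "&quot;"}) + '" />'

def parse_attrs(fragment):
    """Parsed attributes of the fragment, or None if it is not well formed."""
    try:
        return dict(ET.fromstring(fragment).attrib)
    except ET.ParseError:
        return None

def round_trips(builder, name):
    """True when the output parses back to exactly one attribute holding name."""
    return parse_attrs(builder(name)) == {"text": name}

# Constructed @name values: plain, markup characters, a quote, and a quote
# followed by text that reads as a second attribute.
SAMPLES = ["AreaChart", "Tom & Jerry <b>", 'say "hi"', 'AreaChart" helpid="0']

if __name__ == "__main__":
    for name in SAMPLES:
        print(repr(name))
        print("  text-built:", text_built(name), "->", parse_attrs(text_built(name)))
        print("  attr-safe: ", attr_safe(name), "->", parse_attrs(attr_safe(name)))
```

The last sample is the case a well-formedness check alone misses: the text-built output parses cleanly but carries an attribute that was never in the stylesheet, so the value has to be escaped for attribute context before it is written.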