It's tough to develop mobile apps - there are a large number of platforms and specialized skillsets to consider. One promising trend out there is developing mobile apps with web standards - HTML5, CSS3, and cutting edge JavaScript frameworks.

The problem is: there are many JavaScript frameworks out there. Several of the best have components or plugins for optimizing web applications for mobile devices and delivering native-feeling apps with web standard technologies. So, time for a showdown - which is the best? Which has the best upside?

View the results.

Update 9/2/2010: I heard from Adrian Bateman, Microsoft's Program Manager for Internet Explorer, on the W3C Geolocation mailing list:

We haven't announced support for the Geolocation API. As you're no doubt aware, in general we do not comment on if and when a particular feature might be part of a future product and I don't have any news to share on this particular topic.

So, not good news, but I'm holding out hope! A few other members on the list had points on Microsoft's ability to implement Geolocation.

I pulled down the latest IE9 platform preview yesterday to check its support for the W3C Geolocation API.

Unfortunately, it doesn't appear to be supported yet. I've seen rumors that it may be supported, but I'm not sure how to confirm.

In the mean time, I built a little application that will tell you if your browser supports W3C Geolocation and attempt to Geolocate you: http://www.andypemberton.com/geo/

Most of my experience with scripting has been with straight javascript. For a variety of reasons, I've been looking at some other tools, including jQuery. Below is a list of basic functions that I've used in javascript and the corresponding jQuery syntax to help you get started.

Last week, we talked about Cross-Site Scripting (XSS) and briefly touched on Cross-Site Request Forgery (CSRF). These two attacks are very common and dangerous, which explains why they consistently rank among the top five web application vulnerabilities in almost all recent studies. This week, we'll go into more detail on CSRF. First, a quick reminder about the difference between these two attacks: XSS involves injecting unauthorized code into web pages, while CSRF involves making unauthorized requests that appear to come from a legitimate, logged-in user. Another way to think about the difference is that XSS abuses the user's trust in the web application, while CSRF abuses the trust of the web application in the user.

Originally, this week's post was supposed to cover both Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF), but I quickly realized that each of these topics alone are more than enough to fill a blog entry. These two are some of the most common and dangerous web application attacks, and at first glance, it may be hard to tell the difference. Here is an easy way to distinguish them: XSS involves injecting content into an existing page, while CSRF involves taking unauthorized actions on behalf of a logged-on user. XSS can be used (and often is) to launch CSRF attacks, but they are two separate attack modes.

In my current project, we're using ExtJS for almost all of the user interface. Our basic setup is a viewport with a border layout. In the center region of the layout, we launch the various components of the web application as new tabs.

When the contents of these tabs utilized a border layout, we began to notice a problem in IE6. When we loaded the viewport and launched multiple tabs (some using border layout) via onclick listeners,  those with border layout would lose their north and south regions when you toggled around between the tabs.

I looked at how the show/hide of tabs was working via Firebug and got a sneaky suspicion that the culprit was "display:none" being used to hide divs when you toggle tabs. After some exploration into ExtJS's RSS Feed Viewer example, we saw the property "hideMode:'offsets' ". We gave it a try and set it on the panels using border layout. This configuration tells Ext to hide the panel by using top and left positions of -1000 instead of "display:none" when the tab is hidden.