HTML5 高级编程


this print for content only—size & color not accurate spine =0.84375" 304 page count Lubbers Albers Salim HTML5 Programming THE EXPERT’S VOICE® IN WEB DEVELOPMENT Pro HTML5 Programming Powerful APIs for Richer Internet Application Development   CYAN   MAGENTA   YELLOW   BLACK   PANTONE 123 C Peter Lubbers, Brian Albers, and Frank Salim Foreword by Paul Irish, Google Companion eBook Available Use HTML5 to create cutting-edge web applications BOOKS FOR PROFESSIONALS BY PROFESSIONALS® $44.99 Shelve in: Web Development/HTML User level: Intermediate Peter Lubbers THE APRESS ROADMAP Pro HTML5 Programming The Essential Guide to HTML5 Games The Definitive Guide to HTML5 Video Beginning HTML5 and CSS3 Beginning iPad & iPhone Web App Development www.apress.com SOURCE CODE ONLINE Companion eBook See last page for details on $10 eBook version ISBN 978-1-4302-2790-8 9 781430 227908 5 44 9 9 ProPro HTML5 Programming Dear Reader, HTML5 is here, and with it, web applications can achieve unprecedented power, scalability, and responsiveness. In this book, you will learn how to unlock that power and use the latest cutting-edge HTML5 web technology to build modern web applications that tap the full potential of modern browsers. This book explains the new HTML5 APIs. It provides practical, real-world examples of HTML5 features and shows which ones are supported in which browsers. We cover a selection of the most useful and powerful HTML5 APIs to get you up to speed quickly. You will learn how to develop WebApps using HTML5 features such as Geolocation, Web Storage, WebSockets, Web Workers, Canvas, Audio, and Video. You will see how these features can be combined and made to work seamlessly with other standard web technologies. With HTML5, complex functionality that used to take pages of script or nonstandard plugins can be performed today with just a few lines of markup. Crack open your favorite text editor, download one of the many free HTML5- compliant browsers, and try your hand incorporating the new communication and interaction methods built into HTML5 programming. We wrote this book to share our enthusiasm about this emerging standard with you, the Web professional. We’ve been working with, developing, and teaching HTML5 technologies for more than two years and can claim with cer- tainty that adoption of the new standards is accelerating at breakneck speed. We hope this book will inspire you to use the HTML5 APIs in creative new ways, and we look forward to seeing your code on the Web! Sincerely, Peter Lubbers, Brian Albers, and Frank Salim Brian Albers Frank Salim Pro HTML5 Programming Powerful APIs for Richer Internet Application Development ■ ■ ■ PETER LUBBERS BRIAN ALBERS FRANK SALIM ii Pro HTML5 Programming: Powerful APIs for Richer Internet Application Development Copyright © 2010 by Peter Lubbers, Brian Albers, Frank Salim All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher. ISBN-13 (pbk): 978-1-4302-2790-8 ISBN-13 (electronic): 978-1-4302-2791-5 Printed and bound in the United States of America 9 8 7 6 5 4 3 2 1 Trademarked names, logos, and images may appear in this book. Rather than use a trademark symbol with every occurrence of a trademarked name, logo, or image we use the names, logos, and images only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark. The use in this publication of trade names, trademarks, service marks, and similar terms, even if they are not identified as such, is not to be taken as an expression of opinion as to whether or not they are subject to proprietary rights. President and Publisher: Paul Manning Lead Editor: Clay Andres Development Editor: Matthew Moodie Technical Reviewer: Paul Haine Editorial Board: Clay Andres, Steve Anglin, Mark Beckner, Ewan Buckingham, Gary Cornell, Jonathan Gennick, Jonathan Hassell, Michelle Lowman, Matthew Moodie, Duncan Parkes, Jeffrey Pepper, Frank Pohlmann, Douglas Pundick, Ben Renow-Clarke, Dominic Shakeshaft, Matt Wade, Tom Welsh Coordinating Editor: Laurin Becker Copy Editors: Heather Lang, Andy Rosenthal, Nancy Sixsmith Compositor: Kimberly Burton Indexer: Julie Grady Artist: April Milne Cover Designer: Anna Ishchenko Distributed to the book trade worldwide by Springer Science+Business Media, LLC., 233 Spring Street, 6th Floor, New York, NY 10013. Phone 1-800-SPRINGER, fax (201) 348-4505, e-mail orders-ny@springer-sbm.com, or visit www.springeronline.com. For information on translations, please e-mail rights@apress.com, or visit www.apress.com. Apress and friends of ED books may be purchased in bulk for academic, corporate, or promotional use. eBook versions and licenses are also available for most titles. For more information, reference our Special Bulk Sales–eBook Licensing web page at www.apress.com/info/bulksales. The information in this book is distributed on an “as is” basis, without warranty. Although every precaution has been taken in the preparation of this work, neither the author(s) nor Apress shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in this work. The source code for this book is available to readers at www.prohtml5.com and also at www.apress.com. For my beautiful wife, Vittoria, and for my sons—Sean and Rocky. I am so proud of you! —Peter Lubbers For John. You make it all worthwhile. —Brian Albers For people who still read books. —Frank Salim iv Contents at a Glance ■Foreword ..................................................................................................................xiii ■About the Authors..................................................................................................... xiv ■About the Technical Reviewer................................................................................... xv ■Acknowledgements .................................................................................................. xvi ■Introduction............................................................................................................. xvii ■Chapter 1: Overview of HTML5 ....................................................................................1 ■Chapter 2: Using the HTML5 Canvas API ...................................................................25 ■Chapter 3: Working with HTML5 Audio and Video....................................................65 ■Chapter 4: Using the HTML5 Geolocation API ...........................................................87 ■Chapter 5: Using the Communication APIs..............................................................115 ■Chapter 6: Using the HTML5 WebSocket API ..........................................................137 ■Chapter 7: Using the HTML5 Forms API...................................................................169 ■Chapter 8: Using the HTML5 Web Workers API.......................................................193 ■Chapter 9: Using the HTML5 Web Storage API........................................................213 ■Chapter 10: Creating HTML5 Offline Web Applications............................................243 ■Chapter 11: The Future of HTML5 ............................................................................259 ■Index........................................................................................................................269 v Contents ■Foreword ..................................................................................................................xiii ■About the Authors..................................................................................................... xiv ■About the Technical Reviewer................................................................................... xv ■Acknowledgements .................................................................................................. xvi ■Introduction............................................................................................................. xvii ■Chapter 1: Overview of HTML5 ....................................................................................1 The Story So Far—The History of HTML5..........................................................................1 The Myth of 2022 and Why It Doesn’t Matter ....................................................................2 Who Is Developing HTML5? ...............................................................................................3 A New Vision......................................................................................................................3 Compatibility and Paving the Cow Paths.................................................................................................. 3 Utility and the Priority of Constituencies .................................................................................................. 4 Interoperability Simplification .................................................................................................................. 5 Universal Access ...................................................................................................................................... 5 A Plugin–Free Paradigm ....................................................................................................5 What’s In and What’s Out? ....................................................................................................................... 6 What’s New in HTML5?......................................................................................................8 New DOCTYPE and Character Set............................................................................................................. 8 New and Deprecated Elements ................................................................................................................ 9 Semantic Markup ................................................................................................................................... 10 Simplifying Selection Using the Selectors API........................................................................................ 17 JavaScript Logging and Debugging........................................................................................................ 20 window.JSON ......................................................................................................................................... 21 ■ CONTENTS vi DOM Level 3 ........................................................................................................................................... 22 Monkeys, Squirrelfish, and Other Speedy Oddities ................................................................................ 22 Summary .........................................................................................................................23 ■Chapter 2: Using the HTML5 Canvas API ...............................................................25 Overview of HTML5 Canvas .............................................................................................25 History .................................................................................................................................................... 25 What Is a Canvas? .................................................................................................................................. 26 Canvas Coordinates................................................................................................................................ 26 When Not to Use Canvas ........................................................................................................................ 27 Fallback Content..................................................................................................................................... 27 CSS and Canvas...................................................................................................................................... 28 Browser Support for HTML5 Canvas....................................................................................................... 28 Using the HTML5 Canvas APIs .........................................................................................29 Checking for Browser Support ............................................................................................................... 29 Adding a Canvas to a Page..................................................................................................................... 30 Applying Transformations to Drawings .................................................................................................. 32 Working with Paths ................................................................................................................................ 35 Working with Stroke Styles .................................................................................................................... 38 Working with Fill Styles.......................................................................................................................... 39 Filling Rectangular Content .................................................................................................................... 40 Drawing Curves ...................................................................................................................................... 42 Inserting Images into a Canvas .............................................................................................................. 44 Using Gradients ...................................................................................................................................... 45 Using Background Patterns.................................................................................................................... 47 Scaling Canvas Objects .......................................................................................................................... 49 Using Canvas Transforms....................................................................................................................... 52 Using Canvas Text .................................................................................................................................. 53 Applying Shadows .................................................................................................................................. 55 Working with Pixel Data ......................................................................................................................... 57 ■ CONTENTS vii Implementing Canvas Security............................................................................................................... 58 Building an Application with HTML5 Canvas ...................................................................59 Practical Extra: Full Page Glass Pane..................................................................................................... 63 Summary .........................................................................................................................63 ■Chapter 3: Working with HTML5 Audio and Video................................................65 Overview of HTML5 Audio and Video...............................................................................65 Video Containers..................................................................................................................................... 65 Audio and Video Codecs ......................................................................................................................... 67 Audio and Video Restrictions.................................................................................................................. 68 Browser Support for HTML5 Audio and Video ........................................................................................ 68 Using the HTML5 Audio and Video APIs...........................................................................69 Checking for Browser Support ............................................................................................................... 70 Understanding Media Elements.............................................................................................................. 71 Working with Audio ................................................................................................................................ 76 Working with Video................................................................................................................................. 77 Practical Extras....................................................................................................................................... 84 Summary .........................................................................................................................86 ■Chapter 4: Using the HTML5 Geolocation API .......................................................87 About Location Information..............................................................................................87 Latitude and Longitude Coordinates....................................................................................................... 88 Where Does Location Information Come From?..................................................................................... 88 IP Address Geolocation Data .................................................................................................................. 89 GPS Geolocation Data............................................................................................................................. 89 Wi-Fi Geolocation Data ........................................................................................................................... 90 Cell Phone Geolocation Data................................................................................................................... 90 User–Defined Geolocation Data.............................................................................................................. 91 Browser Support for HTML5 Geolocation.........................................................................91 Privacy .............................................................................................................................92 ■ CONTENTS viii Triggering the Privacy Protection Mechanism........................................................................................ 93 Dealing with Location Information.......................................................................................................... 95 Using the HTML5 Geolocation API....................................................................................95 Checking for Browser Support ............................................................................................................... 95 Position Requests................................................................................................................................... 96 Building a Real-Time Application with HTML5 Geolocation...........................................101 Writing the HTML Display ..................................................................................................................... 104 Processing the Geolocation Data.......................................................................................................... 104 The Final Code...................................................................................................................................... 108 Practical Extras..............................................................................................................111 What’s My Status?................................................................................................................................ 111 Show Me on a Google Map................................................................................................................... 113 Summary .......................................................................................................................114 ■Chapter 5: Using the Communication APIs..........................................................115 Cross Document Messaging ..........................................................................................115 Understanding Origin Security.............................................................................................................. 117 Browser Support for Cross Document Messaging................................................................................ 118 Using the postMessage API .................................................................................................................. 119 Building an Application Using the postMessage API ............................................................................ 120 XMLHttpRequest Level 2................................................................................................126 Cross-Origin XMLHttpRequest.............................................................................................................. 126 Progress Events.................................................................................................................................... 128 Browser Support for HTML5 XMLHttpRequest Level 2 ......................................................................... 129 Using the XMLHttpRequest API............................................................................................................. 129 Building an Application Using XMLHttpRequest ................................................................................... 131 Practical Extras..............................................................................................................135 Structured Data .................................................................................................................................... 135 Framebusting ....................................................................................................................................... 135 ■ CONTENTS ix Summary .......................................................................................................................136 ■Chapter 6: Using the HTML5 WebSocket API ......................................................137 Overview of HTML5 WebSockets...................................................................................137 Real-Time and HTTP............................................................................................................................. 137 Understanding HTML5 WebSockets ..................................................................................................... 139 Browser Support for HTML5 WebSockets......................................................................146 Writing a Simple Echo WebSocket Server .....................................................................146 Using the HTML5 WebSocket API ..................................................................................154 Checking for Browser Support ............................................................................................................. 154 Basic API Usage.................................................................................................................................... 155 Building an Application with HTML5 WebSockets .........................................................158 Coding the HTML File............................................................................................................................ 159 Adding the WebSocket Code ................................................................................................................ 161 Adding the Geolocation Code................................................................................................................ 162 Putting It All Together........................................................................................................................... 162 The Final Code...................................................................................................................................... 164 Summary .......................................................................................................................167 ■Chapter 7: Using the HTML5 Forms API...............................................................169 Overview of HTML5 Forms.............................................................................................169 HTML Forms vs. XForms....................................................................................................................... 170 Functional Forms.................................................................................................................................. 170 Browser Support for HTML5 Forms...................................................................................................... 170 An Input Catalog ................................................................................................................................... 171 Using the HTML5 Forms APIs.........................................................................................176 New form attributes and functions....................................................................................................... 176 Checking forms with validation............................................................................................................ 180 Validation feedback .............................................................................................................................. 184 Building an Application with HTML5 Forms...................................................................185 ■ CONTENTS x Practical Extras. ................................................................................................................................... 190 Summary .......................................................................................................................191 ■Chapter 8: Using the HTML5 Web Workers API...................................................193 Browser Support for HTML5 Web Workers....................................................................194 Using the HTML5 Web Workers API ...............................................................................194 Checking for Browser Support . ........................................................................................................... 194 Creating HTML5 Web Workers. ............................................................................................................ 195 Loading and Executing Additional JavaScript . .................................................................................... 195 Communicating with HTML5 Web Workers .......................................................................................... 195 Coding the Main Page....................................................................................................196 Handling Errors. ................................................................................................................................... 197 Stopping HTML5 Web Workers. ........................................................................................................... 198 Using HTML5 Web Workers within HTML5 Web Workers..................................................................... 198 Using Timers. ....................................................................................................................................... 199 Simple Example Code. ......................................................................................................................... 199 Building an Application with HTML5 Web Workers........................................................200 Coding the blur.js Helper Script. .......................................................................................................... 201 Coding the blur.html Application Page . ............................................................................................... 203 Coding the blurWorker.js Web Worker Script. ..................................................................................... 204 Communicating with the Web Workers . .............................................................................................. 205 The Application in Action. .................................................................................................................... 207 Example Code. ..................................................................................................................................... 207 Summary .......................................................................................................................212 ■Chapter 9: Using the HTML5 Web Storage API....................................................213 Overview of HTML5 Web Storage ..................................................................................213 Browser Support for HTML5 Web Storage.....................................................................214 Using the HTML5 Web Storage API................................................................................215 Checking for Browser Support . ........................................................................................................... 215 ■ CONTENTS xi Setting and Retrieving Values .............................................................................................................. 216 Plugging Data Leaks............................................................................................................................. 217 Local Versus Session Storage .............................................................................................................. 219 Other Web Storage API Attributes and Functions ................................................................................. 219 Communicating Web Storage Updates................................................................................................. 221 Exploring Web Storage ......................................................................................................................... 223 Building an Application with HTML5 Web Storage ........................................................224 The Future of Browser Database Storage......................................................................235 Practical Extras..............................................................................................................238 JSON Object Storage ............................................................................................................................ 238 A Window into Sharing ......................................................................................................................... 239 Summary .......................................................................................................................241 ■Chapter 10: Creating HTML5 Offline Web Applications........................................243 Overview of HTML5 Offline Web Applications................................................................243 Browser Support for HTML5 Offline Web Applications ......................................................................... 245 Using the HTML5 Offline Web Application API ...............................................................246 Checking for Browser Support ............................................................................................................. 246 Creating a Simple Offline Application................................................................................................... 246 Going Offline......................................................................................................................................... 247 Manifest Files ....................................................................................................................................... 247 The applicationCache API..................................................................................................................... 248 Building an Application with HTML5 Offline Web Applications......................................250 Creating a Manifest File for the Application Resources........................................................................ 251 Creating the HTML Structure and CSS of the UI ................................................................................... 252 Creating the Offline JavaScript............................................................................................................. 252 Check for ApplicationCache Support.................................................................................................... 254 Adding the Update Button Handler ....................................................................................................... 255 Add Geolocation Tracking Code............................................................................................................ 255 ■ CONTENTS xii Adding Storage Code............................................................................................................................ 256 Adding Offline Event Handling.............................................................................................................. 256 Summary .......................................................................................................................257 ■Chapter 11: The Future of HTML5 ........................................................................259 Browser Support for HTML5 ..........................................................................................259 HTML Evolves.................................................................................................................259 WebGL .................................................................................................................................................. 260 Devices................................................................................................................................................. 262 Audio Data API...................................................................................................................................... 263 Video Improvements............................................................................................................................. 263 Touchscreen Device Events.................................................................................................................. 263 Peer-to-Peer Networking...................................................................................................................... 266 Ultimate Direction................................................................................................................................. 267 Summary .......................................................................................................................267 ■Index........................................................................................................................269 xiii Foreword In June 2004, representatives from the semantic web community, major browser vendors, and the W3C met in San Jose, California to discuss the standards body’s response to the rise of web applications. At the end of the second day, a vote was held to decide whether the W3C should augment HTML and the DOM to address the new requirements of web applications. Minutes from the event record the anonymous and curious result, “8 for, 14 against.” This schism lead to a divergence in effort: two days later, the WHATWG was formed from the major browser vendors to solve emerging issues. Meanwhile, the W3C pushed forward with the XHTML2 specification, only to drop it five years later to focus on an aligned HTML5 effort with the WHATWG. Now, six years since, we stand to benefit greatly from the passionate minds that have designed HTML5. The features both codify de facto standards that have been in use for years and lay the groundwork for next-generation web applications. Putting them to use means a more engaging and responsive web experience for your users and, oftentimes, far less code for you. In this book, you'll find a well-designed learning curve bringing you up to speed on the features within HTML5 and its associated specifications. You'll learn best practices of feature detection, appropriate use cases, and a lot of the whys that you won’t find in the specifications. The code examples are not plain, trivial uses of each API but instead lead you through building actual web applications. I hope this book is able to serve you well, and I hope you’ll be as excited about the next generation of the web as I am. Paul Irish Google and jQuery Dev Relations and Lead Developer for Modernizr xiv About the Authors ■ Peter Lubbers is the director of documentation and training at Kaazing. An HTML5 and WebSockets enthusiast, Peter is a frequent speaker at international events and teaches HTML5 training courses worldwide. Prior to joining Kaazing, Peter worked for almost ten years as an information architect at Oracle, where he wrote award-winning books and developed patent-pending software solutions. A native of the Netherlands, Peter served as a special forces commando in the Royal Dutch Green Berets. Peter lives on the edge of the Tahoe National Forest in California, and in his spare time, he runs ultramarathons. You can follow Peter on Twitter (@peterlubbers). ■ Brian Albers is the vice president of research and development at Kaazing. His career in web development spans a decade and a half, including his most recent position as a senior development manager at Oracle. Brian is a regular speaker at conferences, such as Web 2.0 Expo, AJAXWorld Expo, and JavaOne, where he focuses on Web and user interface technologies. A native Texan and current California resident, Brian spends as much time as possible escaping to Hawaii. When he cannot relax on the beach, Brian can be found frequenting a variety of virtual worlds in his spare time. ■ Frank Salim is one of the original engineers at Kaazing who helped craft the WebSockets gateway and client strategy. Frank is a San Diego native currently residing in Mountain View, California. He holds a degree in computer science from Pomona College. When he is not programming, Frank enjoys reading, painting, and inline skating. xv About the Technical Reviewer Paul Haine is a client-side developer currently working in London for the Guardian newspaper. He is the author of HTML Mastery: Semantics, Standards, and Styling (friends of ED, 2006) and runs a personal web site at www.joeblade.com. xvi Acknowledgments I’d like to thank my wife Vittoria, for her love and patience, and my talented sons Sean and Rocky—reach for the stars, boys! Thanks to my parents, Herman and Elisabeth, my sister Alice, and my brother David for always believing in me, and to my late grandmother Gebbechien whose courageous acts during the Nazi occupation of Holland were a great lesson to our family. To my coauthors, the never-tiring Brian and the code-generating human Frank, it has been an honor to work with both of you. Thanks also to Clay at Apress for all your support, and, finally, thanks to Jonas and John at Kaazing for pushing us to write a “real” book—an “unofficial e-book” would still be just a figment of our imagination, I am sure! —Peter Lubbers To my parents, Ken and Patty Albers, I offer my deepest love and appreciation for the sacrifices you made to bring me so many opportunities. Without your encouragement and the values you instilled in me, I would never have completed this or any other major life journey. You’ve been guiding me every step of the way. To John, my deepest thanks for your patience every time that extra hour of work stretched to two, three, or more. You amaze and inspire me. To Pitch, Bonnie, and Penelope, a scritch on the chin and a promise that dinner won’t be so late any more. To the cats who came before, your purrs stay with me. To my coworkers at Kaazing, much appreciation for the chance to work with the best and the brightest. And a special thanks to the editorial staff at Apress for first believing that the time was right for an HTML5 book and then for having patience with us while we attempted to document a rapidly moving target. —Brian Albers I’d like to thank my parents, Mary and Sabri, who are responsible for my existence and without whom this book would literally not be possible. —Frank Salim xvii Introduction HTML5 is brand new. Indeed, it isn’t even finished yet. And if you listen to some ornery pundits, they’ll tell you that HTML5 won’t be ready for ten years or more! Why, then, would anyone think that now’s the time for a book called Pro HTML5 Programming? That’s easy. Because for anyone who’s looking for an extra edge to make your web application stand above the rest, the time for HTML5 is right now. The authors of this book have been working with, developing, and teaching HTML5 technologies for more than two years now and can claim with certainty that adoption of the new standards is accelerating at dizzying speeds. Even over the course of writing this book, we’ve been forced to continually update our browser support matrix and reevaluate our assumptions about what is ready to use. Most users don’t really understand the power that’s available in the browsers they are now using. Yes, they might notice some minor interface enhancement after their favorite browser has automatically updated. But they might have no idea that this new browser version just introduced a free-form drawing canvas or real-time network communication, or any number of other potential upgrades. With this book, we aim to help you unlock the power HTML5. Who This Book Is For The content in this book is intended for the experienced web application developer who is familiar with JavaScript programming. In other words, we won’t be covering the basics of web development in this text. There are many existing resources to get you up to speed in the fundamentals of web programming. That said, if you see yourself in any of the following bullets, this book will likely provide you with useful insight and information you are looking for: • You sometimes find yourself thinking, “If only my browser could. . .” • You find yourself using page source and developer tools to dissect a particularly impressive website. • You enjoy reading the release notes of the latest browser updates to find out what’s new. • You are looking for ways to optimize or streamline your applications. • You are willing to tailor your website to provide the best possible experience for users on relatively recent browsers. If any of these apply to you, this book may be a good fit with your interests. While we take care to point out the limitations of browser support where appropriate, our aim is not to give you elaborate workarounds to make your HTML5 application run seamlessly on a ten-year-old browser. Experience has shown that the workarounds and baseline browser support are evolving so rapidly that a book like this is not the best vehicle for such information. Instead, we will focus on the ■ INTRODUCTION CONTENTS xviii specification of HTML5 and how to use it. Detailed workarounds can be found on the Internet and will become less necessary over time. An Overview of This Book The eleven chapters of this book cover a selection of popular, useful, and powerful HTML5 APIs. In some cases, we have built on the capabilities introduced in earlier chapters to provide you with richer demonstrations. Chapter 1, “Introduction to HTML5,” starts off with the background of past and current versions of the HTML specification. The new high-level semantic tags are presented, along with basic changes and the rationale behind all the recent developments in HTML5. It’s good to know this terrain. Chapter 2, “Using the HTML5 Canvas API”, and Chapter 3, “Working with HTML5 Audio and Video,” describe the new visual and media elements. In these chapters, the focus is on finding simpler ways to spruce up your user interface without plugins or server-side interaction. Chapter 4, “Using the HTML5 Geolocation API,” introduces a truly new feature that was not easily emulated before now—the ability for an application to identify the user’s current location and use that to customize the experience. Privacy is important here, so we cover some of the caveats, as well. The next two chapters, “Using the Communication APIs” and “Using the HTML5 WebSocket API,” present increasingly powerful ways that HTML5 lets you communicate with other websites and stream real-time data to an application with both simplicity and minimal overhead. The techniques in these chapters will enable you to simplify the many overly complex architectures deployed on the Web today. Chapter 7, “Using the HTML5 Forms API,” presents you with minimal tweaks you can make to your desktop or mobile web applications today to increase usability, as well as more fundamental changes you can make to detect page entry errors in very common usage scenarios. Chapters 8, 9, and 10—“Using the HTML5 Web Workers API,” “Using the HTML5 Storage API,” and “Creating HTML5 Offline Web Applications”—deal with the internal plumbing of your applications. Here, you will find ways to optimize the existing functionality to obtain better performance and better data management. Finally, Chapter 11, “The Future of HTML5,” will give you a tasty preview of what’s still to come. Example Code and Companion Web Site The code for the examples shown in this book is available online in the Source Code section of the Apress web site. Visit www.apress.com, click Source Code, and look for this book’s title. You can download the source code from this book’s home page. In addition, we are hosting a companion site for the book at www.prohtml5.com, from which you can also download the sample code and some practical extras. Contacting the Authors Thank you for buying this book. We hope you enjoy reading it and that you find it a valuable resource. Despite our best effort to avoid errors, we realize that things sometimes slip through the cracks, and we’d like to express, in advance, our regrets for any such slip-ups. We welcome your personal feedback, questions, and comments regarding this book’s content and source code. You can contact us by sending us an e-mail at prohtml5@gmail.com. C H A P T E R 1 ■ ■ ■ 1 Overview of HTML5 This book is about HTML5 Programming. Before you can understand HTML5 programming, however, you need to take a step back and understand what HTML5 is, a bit of the history behind it, and the differences between HTML4 and HTML5. In this chapter, we get right to the practical questions to which everyone wants answers. Why HTML5, and why all the excitement just now? What are the new design principles that make HTML5 truly revolutionary—but also highly accommodating? What are the implications of a plugin-free paradigm; what’s in and what’s out? What’s new in HTML, and how does this kick off a whole new era for web developers? Let’s get to it. The Story So Far—The History of HTML5 HTML goes back a long way. It was first published as an Internet draft in 1993. The ’90s saw an enormous amount of activity around HTML, with version 2.0, versions 3.2, and 4.0 (in the same year!), and finally, in 1999, version 4.01. In the course of its development, the World Wide Web Consortium (W3C) assumed control of the specification. After the rapid delivery of these four versions though, HTML was widely considered a dead-end; the focus of web standards shifted to XML and XHTML, and HTML was put on the back burner. In the meantime, HTML refused to die, and the majority of content on the web continued to be served as HTML. To enable new web applications and address HTML’s shortcomings, new features and specifications were needed for HTML. Wanting to take the web platform to a new level, a small group of people started the Web Hypertext Application Working Group (WHATWG) in 2004. They created the HTML5 specification. They also began working on new features specifically geared to web applications—the area they felt was most lacking. It was around this time that the term Web 2.0 was coined. And it really was like a second new web, as static web sites gave way to more dynamic and social sites that required more features—a lot more features. The W3C became involved with HTML again in 2006 and published the first working draft for HTML5 in 2008, and the XHTML 2 working group stopped in 2009. Another year passed, and that is where we stand today. Because HTML5 solves very practical problems (as you will see later), browser vendors are feverishly implementing its new features, even though the specification has not been completely locked down. Experimentation by the browsers feeds back into and improves the specification. HTML5 is rapidly evolving to address real and practical improvements to the web platform. CHAPTER 1 ■ OVERVIEW OF HTML5 2 MOMENTS IN HTML Brian says: “Hi, I’m Brian, and I’m an HTML curmudgeon. I authored my first home page back in 1995. At the time, a ‘home page’ was something you created to talk about yourself. It usually consisted of badly scanned pictures, tags, information about where you lived and what you were reading, and which computer-related project you were currently working on. Myself and most of my fellow ‘World Wide Web developers’ were attending or employed by universities. At the time, HTML was primitive and tools were unavailable. Web applications hardly existed, other than a few primitive text-processing scripts. Pages were coded by hand using your favorite text editor. They were updated every few weeks or months, if ever. We’ve come a long way in fifteen years. Today, it isn’t uncommon for users to update their online profiles many times a day. This type of interaction wouldn’t have been possible if not for the steady, lurching advances in online tools that built on each previous generation. Keep this in mind as you read this book. The examples we show here may seem simplistic at times, but the potential is limitless. Those of us who first used tags in the mid-1990s probably had no idea that within ten years, many people would be storing and editing their photos online, but we should have predicted it. We hope the examples we present in this book will inspire you beyond the basics and to create the new foundation of the Web for the next decade.” The Myth of 2022 and Why It Doesn’t Matter The HTML5 specification that we see today has been published as a working draft—it is not yet final. So when does it get cast in stone? Here are the key dates that you need to know. The first is 2012, which is the target date for the candidate recommendation. The second date is 2022, which is the proposed recommendation. Wait! Not so fast! Don’t close this book to set it aside for ten years before you consider what these two dates actually mean. The first and nearest date is arguably the most important one, because once we reach that stage, HTML5 will be complete. That’s just two years away. The significance of the proposed recommendation (which we can all agree is a bit distant) is that there will then be two interoperable implementations. This means two browsers equipped with completely interoperable implementations of the entire specifications—a lofty goal that actually makes the 2022 deadline seem ambitious. After all, we haven’t even achieved that in HTML4. What is important, right now, is that browser vendors are actively adding support for many very cool new features. Depending on your audience, you can start using many of these features today. Sure, any number of minor changes will need to be made down the road, but that’s a small price to pay for enjoying the benefits of living on the cutting edge. Of course, if your audience uses Internet Explorer 6.0, many of the new features won’t work and will require emulation—but that’s still not a good reason to dismiss HTML5. After all, those users, too, will eventually be jumping to a later version. Many of them will probably move to Internet Explorer 9.0 right away, and Microsoft promises to design that browser CHAPTER 1 ■ OVERVIEW OF HTML5 3 with increased HTML5 support. In practice, the combination of new browsers and improving emulation techniques means you can use many HTML5 features today or in the very near future. Who Is Developing HTML5? We all know that a certain degree of structure is needed, and somebody clearly needs to be in charge of the specification of HTML5. That challenge is the job of three important organizations: • Web Hypertext Application Technology Working Group (WHATWG): Founded in 2004 by individuals working for browser vendors Apple, Mozilla, Google, and Opera, WHATWG develops HTML and APIs for web application development and provides open collaboration of browser vendors and other interested parties. • World Wide Web Consortium (W3C): The W3C contains the HTML working group that is currently charged with delivering the HTML5 specification. • Internet Engineering Task Force (IETF): This task force contains the groups responsible for Internet protocols such as HTTP. HTML5 defines a new WebSocket API that relies on a new WebSocket protocol, which is under development in an IETF working group. A New Vision HTML5 is based on various design principles, spelled out in the WHATWG specification, that truly embody a new vision of possibility and practicality. • Compatibility • Utility • Interoperability • Universal access Compatibility and Paving the Cow Paths Don’t worry; HTML5 is not an upsetting kind of revolution. In fact, one of its core principles is to keep everything working smoothly. If HTML5 features are not supported, the behavior must degrade gracefully. In addition, since there is about 20 years of HTML content out there, supporting all that existing content is important. A lot of effort has been put into researching common behavior. For example, Google analyzed millions of pages to discover the common ID names for DIV tags and found a huge amount of repetition. For example, many people used DIV id="header" to mark up header content. HTML5 is all about solving real problems, right? So why not simply create a
element? Although some features of the HTML5 standard are quite revolutionary, the name of the game is evolution not revolution. After all, why reinvent the wheel? (Or, if you must, then at least make a better one!) CHAPTER 1 ■ OVERVIEW OF HTML5 4 Utility and the Priority of Constituencies The HTML5 specification is written based upon a definite Priority of Constituencies. And as priorities go, “the user is king.” This means, when in doubt, the specification values users over authors, over implementers (browsers), over specifiers (W3C/WHATWG), and over theoretical purity. As a result, HTML5 is overwhelmingly practical, though in some cases, less than perfect. Consider this example. The following code snippets are all equally valid in HTML5: id="prohtml5" id=prohtml5 ID="prohtml5" Sure, some will object to this relaxed syntax, but the bottom line is that the end user doesn’t really care. We’re not suggesting that you start writing sloppy code, but ultimately, it’s the end user who suffers when any of the preceding examples generates errors and doesn’t render the rest of the page. HTML5 has also spawned the creation of XHTML5 to enable XML tool chains to generate valid HTML5 code. The serializations of the HTML or the XHTML version should produce the same DOM trees with minimal differences. Obviously, the XHTML syntax is a lot stricter, and the code in the last two examples would not be valid. Secure by Design A lot of emphasis has been given to making HTML5 secure right out of the starting gate. Each part of the specification has sections on security considerations, and security has been considered up front. HTML5 introduces a new origin-based security model that is not only easy to use but is also used consistently by different APIs. This security model allows us to do things in ways that used to be impossible. It allows us to communicate securely across domains without having to revert to all kinds of clever, creative, but ultimately insecure hacks. In that respect, we definitely will not be looking back to the good old days. Separation of Presentation and Content HTML5 takes a giant step toward the clean separation of presentation and content. HTML5 strives to create this separation wherever possible, and it does so using CSS. In fact, most of the presentational features of earlier versions of HTML are no longer supported (but will still work!), thanks to the compatibility design principle mentioned earlier. This idea is not entirely new, though; it was already in the works in HTML4 Transitional and XHTML1.1. Web designers have been using this as a best practice for a long time, but now, it is even more important to cleanly separate the two. The problems with presentational markup are: • Poor accessibility • Unnecessary complexity (it’s harder to read your code with all the inline styling) • Larger document size (due to repetition of style content), which translates into slower-loading pages CHAPTER 1 ■ OVERVIEW OF HTML5 5 Interoperability Simplification HTML5 is all about simplification and avoiding needless complexity. The HTML5 mantra? “Simple is better. Simplify wherever possible.” Here are some examples of this: • Native browser ability instead of complex JavaScript code • A new, simplified DOCTYPE • A new, simplified character set declaration • Powerful yet simple HTML5 APIs We’ll say more about some of these later. To achieve all this simplicity, the specification has become much bigger, because it needs to be much more precise—far more precise, in fact, than any previous version of the HTML specification. It specifies a legion of well-defined behaviors in an effort to achieve true browser interoperability by 2022. Vagueness simply will not make that happen. The HTML5 specification is also more detailed than previous ones to prevent misinterpretation. It aims to define things thoroughly, especially web applications. Small wonder, then, that the specification is over 900 pages long! HTML5 is also designed to handle errors well, with a variety of improved and ambitious error- handling plans. Quite practically, it prefers graceful error recovery to hard failure, again giving A-1 top priority to the interest of the end user. For example, errors in documents will not result in catastrophic failures in which pages do not display. Instead, error recovery is precisely defined so browsers can display “broken” markup in a standard way. Universal Access This principle is divided into three concepts: • Accessibility: To support users with disabilities, HTML5 works closely with a related standard called Web Accessibility Initiative (WAI) Accessible Rich Internet Applications (ARIA). WAI-ARIA roles, which are supported by screen readers, can be already be added to your HTML elements. • Media Independence: HTML5 functionality should work across all different devices and platforms if at all possible. • Support for all world languages: For example, the new element supports the Ruby annotations that are used in East Asian typography. A Plugin–Free Paradigm HTML5 provides native support for many features that used to be possible only with plugins or complex hacks (a native drawing API, native sockets, and so on). Plugins, of course, present problems: • Plugins cannot always be installed. • Plugins can be disabled or blocked (for example, the Apple iPad does not ship with a Flash plugin). CHAPTER 1 ■ OVERVIEW OF HTML5 6 • Plugins are a separate attack vector. • Plugins are difficult to integrate with the rest of an HTML document (because of plugin boundaries, clipping, and transparency issues). Although some plugins have high install rates, they are often blocked in controlled corporate environments. In addition, some users choose to disable these plugins due to the unwelcome advertising displays that they empower. However, if users disable your plugin, they also disable the very program you’re relying on to display your content. Plugins also often have difficulty integrating their displays with the rest of the browser content, which causes clipping or transparency issues with certain site designs. Because plugins use a self- contained rendering model that is different from that of the base web page, developers face difficulties if pop-up menus or other visual elements need to cross the plugin boundaries on a page. This is where HTML5 comes on the scene, smiles, and waves its magic wand of native functionality. You can style elements with CSS and script with JavaScript. In fact, this is where HTML5 flexes its biggest muscle, showing us a power that just didn’t exist in previous versions of HTML. It’s not just that the new elements provide new functionality. It’s also the added native interaction with scripting and styling that enables us to do much more than we could ever do before. Take the new canvas element, for example. It enables us to do some pretty fundamental things that were not possible before (try drawing a diagonal line in a web page in HTML4). However, what’s most interesting is the power that we can unlock with the APIs and the styling we can apply with just a few lines of CSS code. Like well-behaved children, the HTML5 elements also play nicely together. For example, you can grab a frame from a video element and display it on a canvas, and the user can just click the canvas to play back the video from the frame you just grabbed. This is just one example of what a native code has to offer over a plugin. In fact, virtually everything becomes easier when you’re not working with a black box. What this all adds up to is a truly powerful new medium, which is why we decided to write a book about HTML5 programming, and not just about the new elements! What’s In and What’s Out? So, what really is part of HTML5? If you read the specification carefully, you might not find all of the features we describe in this book. For example, you will not find HTML5 Geolocation and Web Workers in there. So are we just making this stuff up? Is it all hype? No, not at all! Many pieces of the HTML5 effort (for example, Web Storage and Canvas 2D) were originally part of the HTML5 specification and were then moved to separate standards documents to keep the specification focused. It was considered smarter to discuss and edit some of these features on a separate track before making them into official specifications. This way, one small contentious markup issue wouldn’t hold up the show of the entire specification. Experts in specific areas can come together on mailing lists to discuss a given feature without the crossfire of too much chatter. The industry still refers to the original set of features, including Geolocation, as HTML5. Think of HTML5, then, as an umbrella term that covers the core markup, as well as many cool new APIs. At the time of this writing, these features are part of HTML5: • Canvas (2D and 3D) • Channel messaging • Cross-document messaging • Geolocation CHAPTER 1 ■ OVERVIEW OF HTML5 7 • MathML • Microdata • Server-Sent events • Scalable Vector Graphics (SVG) • WebSocket API and protocol • Web origin concept • Web storage • Web SQL database • Web Workers • XMLHttpRequest Level 2 As you can see, a lot of the APIs we cover in this book are on this list. How did we choose which APIs to cover? We chose to cover features that were at least somewhat baked. Translation? They’re available in some form in more than one browser. Other (less-baked) features may only work in one special beta version of a browser, while others are still just ideas at this point. In this book, we will give you an up-to-date overview (at the time of this writing) of the browser support available for each of the HTML5 features we cover. However, whatever we tell you will soon be out of date, because this is very much a moving target. Don’t worry though; there are some excellent online resources that you can use to check current (and future) browser support. The site www.caniuse.com provides an exhaustive list of features and browser support broken down by browser version and the site www.html5test.com checks the support for HTML5 features in the browser you use to access it. Furthermore, this book does not focus on providing you with the emulation workarounds to make your HTML5 applications run seamlessly on antique browsers. Instead, we will focus primarily on the specification of HTML5 and how to use it. That said, for each of the APIs we do provide some example code that you can use to detect its availability. Rather than using user agent detection, which is often unreliable, we use feature detection. For that, you can also use Modernizr—a JavaScript library that provides very advanced HTML5 and CSS3 feature detection. We highly recommend you use Modernizr in your applications, because it is hands down the best tool for this. MORE MOMENTS IN HTML Frank says: “Hi, I’m Frank, and I sometimes paint. One of the first HTML canvas demonstrations I saw was a basic painting application that mimicked the user interface of Microsoft Paint. Although it was decades behind the state of the art in digital painting and, at the time, ran in only a fraction of existing browsers, it got me thinking about the possibilities it represented. When I paint digitally, I typically use locally installed desktop software. While some of these programs are excellent, they lack the characteristics that make web applications so great. In short, they are disconnected. Sharing digital paintings has, to date, involved exporting an image from a painting CHAPTER 1 ■ OVERVIEW OF HTML5 8 application and uploading it to the Web. Collaboration or critiques on a live canvas are out of the question. HTML5 applications can short-circuit the export cycle and make the creative process fit into the online world along with finished images. The number of applications that cannot be implemented with HTML5 is dwindling. For text, the Web is already the ultimate two-way communication medium. Text-based applications are available in entirely web-based forms. Their graphical counterparts, like painting, video editing, and 3D modeling software, are just arriving now. We can now build great software to create and enjoy images, music, movies, and more. Even better, the software we make will be on and off the Web: a platform that is ubiquitous, empowering, and online.” What’s New in HTML5? Before we start programming HTML5, let’s take a quick look at what’s new in HTML5. New DOCTYPE and Character Set First of all, true to design principle 3—simplification—the DOCTYPE for web pages has been greatly simplified. Compare, for example, the following HTML4 DOCTYPEs: Who could ever remember any of these? We certainly couldn’t. We would always just copy and paste some lengthy DOCTYPE into the page, always with a worry in the back of our minds, “Are you absolutely sure you pasted the right one?” HTML5 neatly solves this problem as follows: Now that’s a DOCTYPE you might just remember. Like the new DOCTYPE, the character set declaration has also been abbreviated. It used to be Now, it is: Using the new DOCTYPE triggers the browser to display pages in standards mode. For example, Figure 1-1 shows the information you will see if you open an HTML5 page in Firefox, and you click Tools ➤ Page Info. In this example, the page is rendered in standards mode. CHAPTER 1 ■ OVERVIEW OF HTML5 9 Figure 1-1. A page rendered in standards-compliant mode When you use the new HTML5 DOCTYPE, it triggers browsers to render the page in standards- compliant mode. As you may know, Web pages can have different rendering modes, such as Quirks, Almost Standards, and Standards (or no-quirks) mode. The DOCTYPE indicates to the browser which mode to use and what rules are used to validate your pages. In Quirks mode, browsers try to avoid breaking pages and render them even if they are not entirely valid. HTML5 introduces new elements and others (more on this in the next section) so that if you use deprecated elements, your page will not be valid. New and Deprecated Elements HTML5 introduces many new markup elements, which it groups into seven different content types. These are shown below in Table 1-1. CHAPTER 1 ■ OVERVIEW OF HTML5 10 Table 1-1. HTML5 Content Types Content Type Description Embedded Content that imports other resources into the document, for example audio, video, canvas, and iframe Flow Elements used in the body of documents and applications, for example form, h1, and small Heading Section headers, for example h1, h2, and hgroup Interactive Content that users interact with, for example audio or video controls, button, and textarea Metadata Elements—commonly found in the head section— that set up the presentation or behavior of the rest of the document, for example script, style, and title Phrasing Text and text markup elements, for example mark, kbd, sub, and sup Sectioning Elements that define sections in the document, for example article, aside, and title All of these elements can be styled with CSS. In addition, some of them, such as canvas, audio, and video, can be used by themselves, though they are accompanied by APIs that allow for fine-grained native programmatic control. These APIs will be discussed in much more detail later in this book. It is beyond the scope of this book to discuss all these new elements, but the sectioning elements (discussed in the next section) are new. The canvas, audio, and video elements are also new in HTML5. Likewise, we’re not going to provide an exhaustive list of all the deprecated tags (there are many good online resources online for this), but many of the elements that performed inline styling have been removed in favor of using CSS, such as big, center, font, and basefont. Semantic Markup One content type that contains many new HTML5 elements is the sectioning content type. HTML5 defines a new semantic markup to describe an element’s content. Using semantic markup doesn’t provide any immediate benefits, but it does simplify the design of your HTML pages, and in the future, search engines will definitely be taking advantage of these elements as they crawl and index pages. As we said before, HTML5 is all about paving the cow paths. Google analyzed millions of pages to discover the common ID names for DIV tags and found a huge amount of repetition. For example, since many people used DIV id="footer" to mark up footer content, HTML5 provides a set of new sectioning elements that you can use in modern browsers right now. Table 1-2 shows the different semantic markup elements. CHAPTER 1 ■ OVERVIEW OF HTML5 11 Table 1-2. New sectioning HTML5 elements Sectioning Element Description header Header content (for a page or a section of the page) footer Footer content (for a page or a section of the page) section A section in a web page article Independent article content aside Related content or pull quotes nav Navigational aids All of these elements can be styled with CSS. In fact, as we described in the utility design principle earlier, HTML5 pushes the separation of content and presentation, so you have to style your page using CSS styles in HTML5. Listing 1-1 shows what an HTML5 page might look like. It uses the new DOCTYPE, character set, and semantic markup elements—in short, the new sectioning content. The code file is also available in the code/intro folder. Listing 1-1. An Example HTML5 Page HTML5

Header

Subtitle

HTML5 Rocks!

CHAPTER 1 ■ OVERVIEW OF HTML5 12

Article Header

Lorem ipsum dolor HTML5 nunc aut nunquam sit amet, consectetur adipiscing elit. Vivamus at est eros, vel fringilla urna.

Per inceptos himenaeos. Quisque feugiat, justo at vehicula pellentesque, turpis lorem dictum nunc.

Article Footer

Article Header

HTML5: "Lorem ipsum dolor nunc aut nunquam sit amet, consectetur adipiscing elit. Vivamus at est eros, vel fringilla urna. Pellentesque odio

Article Footer

Footer

CHAPTER 1 ■ OVERVIEW OF HTML5 13 Without styles, the page would be pretty dull to look at. Listing 1-2 shows some of the CSS code that can be used to style the content. Note that this style sheet uses some of the new CSS3 features, such as rounded corners (for example, border-radius) and rotate transformations (for example, transform: rotate();). Note that CSS3—just like HTML5 itself—is still under development and is modularized with subspecifications for easier browser uptake (for example, transformation, animation, and transition are all areas that are in separate subspecifications). Experimental CSS3 features are prefixed with vendor strings to avoid namespace conflicts should the specifications change. To display rounded corners, gradients, shadows, and transformations, it is currently necessary to use prefixes such as -moz- (for Mozilla), o- (for Opera), and -webkit- (for WebKit- based browsers such as Safari and Chrome) in your declarations. Listing 1-2. CSS File for the HTML5 Page body { background-color:#CCCCCC; font-family:Geneva,Arial,Helvetica,sans-serif; margin: 0px auto; max-width:900px; border:solid; border-color:#FFFFFF; } header { background-color: #F47D31; display:block; color:#FFFFFF; text-align:center; } header h2 { margin: 0px; } h1 { font-size: 72px; margin: 0px; } h2 { font-size: 24px; margin: 0px; text-align:center; color: #F47D31; } h3 { font-size: 18px; margin: 0px; text-align:center; color: #F47D31; } CHAPTER 1 ■ OVERVIEW OF HTML5 14 h4 { color: #F47D31; background-color: #fff; -webkit-box-shadow: 2px 2px 20px #888; -webkit-transform: rotate(-45deg); -moz-box-shadow: 2px 2px 20px #888; -moz-transform: rotate(-45deg); position: absolute; padding: 0px 150px; top: 50px; left: -120px; text-align:center; } nav { display:block; width:25%; float:left; } nav a:link, nav a:visited { display: block; border-bottom: 3px solid #fff; padding: 10px; text-decoration: none; font-weight: bold; margin: 5px; } nav a:hover { color: white; background-color: #F47D31; } nav h3 { margin: 15px; color: white; } #container { background-color: #888; } section { display:block; width:50%; float:left; } CHAPTER 1 ■ OVERVIEW OF HTML5 15 article { background-color: #eee; display:block; margin: 10px; padding: 10px; -webkit-border-radius: 10px; -moz-border-radius: 10px; border-radius: 10px; -webkit-box-shadow: 2px 2px 20px #888; -webkit-transform: rotate(-10deg); -moz-box-shadow: 2px 2px 20px #888; -moz-transform: rotate(-10deg); } article header { -webkit-border-radius: 10px; -moz-border-radius: 10px; border-radius: 10px; padding: 5px; } article footer { -webkit-border-radius: 10px; -moz-border-radius: 10px; border-radius: 10px; padding: 5px; } article h1 { font-size: 18px; } aside { display:block; width:25%; float:left; } aside h3 { margin: 15px; color: white; } aside p { margin: 15px; color: white; font-weight: bold; font-style: italic; } CHAPTER 1 ■ OVERVIEW OF HTML5 16 footer { clear: both; display: block; background-color: #F47D31; color:#FFFFFF; text-align:center; padding: 15px; } footer h2 { font-size: 14px; color: white; } /* links */ a { color: #F47D31; } a:hover { text-decoration: underline; } Figure 1-2 shows an example of the page in Listing 1-1, styled with CSS (and some CSS3) styles. Keep in mind, however, that there is no such thing as a typical HTML5 page. Anything goes, really, and this example uses many of the new tags mainly for purposes of demonstration. CHAPTER 1 ■ OVERVIEW OF HTML5 17 Figure 1-2. An HTML5 page with all the new semantic markup elements One last thing to keep in mind is that browsers may seem to render things as if they actually understand these new elements. The truth is, however, that these elements could have been renamed foo and bar and then styled, and they would have been rendered the same way (but of course, they would not have any benefits in search engine optimization). The one exception to this is Internet Explorer, which requires that elements be part of the DOM. So, if you want to see these elements in IE, you must programmatically insert them into the DOM and display them as block elements. Simplifying Selection Using the Selectors API Along with the new semantic elements, HTML5 also introduces new simple ways to find elements in your page DOM. Table 1-3 shows the previous versions of the document object allowed developers to make a few calls to find specific elements in the page. CHAPTER 1 ■ OVERVIEW OF HTML5 18 Table 1-3. Previous JavaScript Methods to Find Elements Function Description Example getElementById() Returns the element with the specified id attribute value
getElementById("foo"); getElementsByName() Returns all elements whose name attribute has the specified value getElementsByName("foo"); getElementsByTagName() Return all elements whose tag name matches the specified value getElementsByTagName("input"); With the new Selectors API, there are now more precise ways to specify which elements you would like to retrieve without resorting to looping and iterating through a document using standard DOM. The Selectors API exposes the same selector rules present in CSS as a means to find one or more elements in the page. For example, CSS already has handy rules for selecting elements based on their nesting, sibling, and child patterns. The most recent versions of CSS add support for more pseudo-classes—for example, whether an object is enabled, disabled, or checked—and just about any combination of properties and hierarchy you could imagine. To select elements in your DOM using CSS rules, simply utilize one of the functions shown in Table 1-4. Table 1-4. New QuerySelector methods Function Description Example Result querySelector() Return the first element in the page which matches the specified selector rules(s) querySelector("input.error"); Return the first input field with a style class of “error” querySelectorAll() Returns all elements which match the specified rule or rules querySelectorAll("#results td"); Return any table cells inside the element with id results It is also possible to send more than one selector rule to the Selector API functions, for example: // select the first element in the document with the // style class highClass or the style class lowClass var x = document.querySelector(“.highClass”, “.lowClass”); In the case of querySelector(), the first element that matches either rule is selected. In the case of querySelectorAll(), any element matching any of the listed rules is returned. Multiple rules are comma- separated. CHAPTER 1 ■ OVERVIEW OF HTML5 19 The new Selector API makes it easy to select sections of the document that were painful to track before. Assume, for example, that you wanted the ability to find whichever cell of a table currently had the mouse hovering over it. Listing 1-3 shows how this is trivially easy with a selector. This file is also in the code/intro directory. Listing 1-3. Using the Selector API Query Selector Demo
A1 A2 A3
B1 B2 B3
C1 C2 C3
Focus the button, hover over the table cells, and hit Enter to identify them using querySelector('td:hover').
CHAPTER 1 ■ OVERVIEW OF HTML5 20
As you can see from this example, finding the element a user is hovering over is a one-line exercise using: var hovered = document.querySelector("td:hover"); ■ Note Not only are the Selector APIs handy, but they are often faster than traversing the DOM using the legacy child retrieval APIs. Browsers are highly optimized for selector matching in order to implement fast style sheets. It should not be too surprising to find that the formal specification of selectors is separated from the specification for CSS at the W3C. As you’ve seen here, selectors are generally useful outside of styling. The full details of the new selectors are outside the scope of this book, but if you are a developer seeking the optimal ways to manipulate your DOM, you are encouraged to use the new Selectors API to rapidly navigate your application structure. JavaScript Logging and Debugging Though they’re not technically a feature of HTML5, JavaScript logging and in-browser debugging tools have been improved greatly over the past few years. The first great tool for analyzing web pages and the code running in them was the Firefox add-on, Firebug. Similar functionality can now be found in all the other browsers’ built-in development tools: Safari’s Web Inspector, Google’s Chrome Developer Tools, Internet Explorer’s Developer Tools, and Opera’s Dragonfly. Figure 1-3 shows the Google Chrome Developer Tools (use the shortcut key CTRL + Shift + J to access this) that provide a wealth of information about your web pages; these include a debugging console, a resource view, and a storage view, to name just a few. CHAPTER 1 ■ OVERVIEW OF HTML5 21 Figure 1-3. Developer Tools view in Chrome Many of the debugging tools offer a way to set breakpoints to halt code execution and analyze the state of the program and the current state of the variables. The console.log API has become the de facto logging standard for JavaScript developers. Many browsers offer a split-pane view that allows you to see messages logged to the console. Using console.log is much better than making a call to alert(), since it does not halt program execution. window.JSON JSON is a relatively new and increasingly popular way to represent data. It is a subset of JavaScript syntax that represents data as object literals. Due to its simplicity and natural fit in JavaScript programming, JSON has become the de facto standard for data interchange in HTML5 applications. The canonical API for JSON has two functions, parse() and stringify() (meaning serialize or convert to string). To use JSON in older browsers, you need a JavaScript library (several can be found at http://json.org). Parsing and serializing in JavaScript are not always as fast as you would like, so to speed up things, newer browsers now have a native implementation of JSON that can be called from JavaScript. The native JSON object is specified as part of the ECMAScript 5 standard covering the next generation of the JavaScript language. It is one of the first parts of ECMAScript 5 to be widely implemented. Every modern browser has window.JSON, and you can expect to see quite a lot of JSON used in HTML5 applications. CHAPTER 1 ■ OVERVIEW OF HTML5 22 DOM Level 3 One of the most maligned parts of web application development has been event handling. While most browsers support standard APIs for events and elements, Internet Explorer differs. Early on, Internet Explorer implemented an event model that differed from the eventual standard. Internet Explorer 9 (IE9) will support DOM Level 2 and 3 features, so you can finally use the same code for DOM manipulation and event handling in all HTML5 browsers. This includes the ever-important addEventListener() and dispatchEvent() methods. Monkeys, Squirrelfish, and Other Speedy Oddities The latest round of browser innovations isn’t just about new tags and new APIs. One of the most significant recent changes is the rapid evolution of JavaScript/ECMAScript engines in the leading browsers. Just as new APIs open up capabilities that were impossible in last-generation browsers, speedups in the execution of the overall scripting engine benefit both existing web applications and those using the latest HTML5 features. Think your browser can’t handle complex image or data processing, or the editing of lengthy manuscripts? Think again. For the last few years, browser vendors have been in a virtual arms race to see who could develop the fastest JavaScript engine. While the earliest iterations of JavaScript were purely interpreted, the newest engines compile script code directly to native machine code, offering speedups of orders of magnitude compared to the browsers of the mid-2000s. The action pretty much began when Adobe donated its just-in-time (JIT) compilation engine and virtual machine for ECMAScript—code named Tamarin—to the Mozilla project in 2006. Although only pieces of the Tamarin technology remain in the latest versions of Mozilla, the donation of Tamarin helped spawn new scripting engines in each of the browsers, with names that are just as intriguing as the performance they claim. Table 1-5. Web Browser JavaScript Engines Browser Engine Name Notes Apple Safari 5 Nitro (otherwise know as SquirrelFish Extreme) Released in Safari 4 and refined in version 5, it introduces byte code optimizations and a context-threaded native compiler. Google Chrome 5 V8 Since Chrome 2, it uses generational garbage collection for high memory scalability without interruptions. Microsoft Internet Explorer 9 Chakra This focuses on background compilation and an efficient type system and demonstrates a tenfold improvement over IE8. Mozilla Firefox 4 JägerMonkey Refined from version 3.5, this combines fast interpretation with native compilation from trace trees. Opera 10.60 Carakan This one uses register-based byte code and selective native compilation and claims improvements of 75% on version 10.50. CHAPTER 1 ■ OVERVIEW OF HTML5 23 All in all, this healthy competition among browser vendors is bringing the performance of JavaScript ever closer to that of native desktop application code. STILL MORE MOMENTS IN HTML Peter says: “Speaking of competition, and speedy oddities, my name is Peter and running is my thing—a lot of running. Ultra running is a great sport where you meet great people. While running the last miles of a 100-mile race or a 165-mile trail run, you really get to know some very interesting people in a very new way. At that point, you’re really stripped down to your essence, the place where great friendships can happen. There’s still the element of competition, to be sure, but most of all there’s a deep sense of camaraderie. But I digress here. To keep track of how my friends are doing in races that I can’t attend (for example, when I am writing an HTML5 book), I usually follow along on the race websites. Not surprisingly, the ‘live tracking’ options are often quite unreliable. A few years ago, I stumbled upon a site for a European race that had all the right ideas. They gave GPS trackers to the front runners and then displayed these racers on a map (we’ll build some similar demonstrations in this book using Geolocation and WebSocket). Despite the fact that it was quite a primitive implementation (users had to actually click “refresh the page” to see updates!), I could instantly see the incredible potential. Now, just a few years later, HTML5 provides us with tools to build these sorts of live race tracking websites with APIs such as Geolocation for location-aware applications and WebSockets for real-time updates. There’s no doubt in my mind—HTML5 has crossed the finish line a winner!” Summary In this chapter, we have given you a general overview of the big essentials of HTML5. We charted the history of its development and some of the important dates coming up. We also outlined the four new design principles behind the HTML5 era that is now dawning: compatibility, utility, interoperability, and universal access. Each one of these principles opens the door to a world of possibilities and closes the door on a host of practices and conventions that are now rendered obsolete. We then introduced HTML5’s startling new plugin-free paradigm and answered the question on the tip of everyone’s tongue—what’s in and what’s out? We reviewed what’s new in HTML5, such as a new DOCTYPE and character set, lots of new markup elements, and we discussed the race for JavaScript supremacy. In the next chapter, we’ll begin by exploring the programming side of HTML5, starting with the Canvas API. C H A P T E R 2 ■ ■ ■ 25 Using the HTML5 Canvas API In this chapter, we’ll explore what you can do with the HTML5 Canvas API—a cool API that enables you to dynamically generate and render graphics, charts, images, and animation. We’ll walk you through using the basics of the rendering API to create a drawing that can scale and adjust to the browser environment. We’ll show you how to create dynamic pictures based on user input in a heatmap display. Of course, we’ll also alert you to the pitfalls of using HTML5 Canvas and share tricks to overcome them. This chapter presumes only a minimal amount of graphics expertise, so don’t be afraid to jump in and try out one of the most powerful features of HTML. Overview of HTML5 Canvas An entire book could be written about the use of the HTML5 Canvas API (and it wouldn’t be a small book). Because we have only a chapter, we’re going to cover (what we think is) the most commonly used functionality in this very extensive API. History The canvas concept was originally introduced by Apple to be used in Mac OS X WebKit to create dashboard widgets. Before the arrival of canvas, you could only use drawing APIs in a browser through plugins such as Adobe plugins for Flash and Scalable Vector Graphics (SVG), Vector Markup Language (VML) only in Internet Explorer, or other clever JavaScript hacks. Try, for example, to draw a simple diagonal line without a canvas element—it sounds simple, but it is a fairly complex task if you do not have a simple two-dimensional drawing API at your disposal. HTML5 Canvas provides just that and because it is an extremely useful thing to have in the browser, it was added to the HTML5 specification. Early on, Apple hinted at possibly reserving the intellectual property rights in the WHATWG draft of the canvas specification, which caused concern at the time among some followers of web standardization. In the end, however, Apple disclosed the patents under the W3C's royalty-free patent licensing terms. CHAPTER 2 ■ USING THE HTML5 CANVAS API 26 SVG VERSUS CANVAS Peter says: “Canvas is essentially a bitmap canvas, and as such images that are drawn on a canvas are final and cannot be resized in the way that Scalable Vector Graphic (SVG) images can. Furthermore, objects drawn on a canvas are not part of the page’s DOM or part of any namespace—something that is considered a weakness. SVG images, on the other hand can be scaled seamlessly at different resolutions and allow for hit detection (knowing precisely where an image is clicked). Why then, would the WHATWG HTML5 specification not use SVG exclusively? Despite its obvious shortcomings, the HTML5 Canvas API has two things going for it: it performs well because it does not have to store objects for every primitive it draws, and it is relatively easy to implement the Canvas API based on many of the popular two-dimensional drawing APIs found in other programming languages. Ultimately, it is better to have one bird in the hand than two in the bush.” What Is a Canvas? When you use a canvas element in your web page, it creates a rectangular area on the page. By default, this rectangular area is 300 pixels wide and 150 pixels high, but you can specify the exact size and set other attributes for your canvas element. Listing 2-1 shows the most basic canvas element that can be added to an HTML page. Listing 2-1. A basic canvas element Once you have added a canvas element to your page, you can use JavaScript to manipulate it any way you want. You can add graphics, lines, and text to it; you can draw on it; and you can even add advanced animations to it. The HTML5 Canvas API supports the same two-dimensional drawing operations that most modern operating systems and frameworks support. If you have ever programmed two-dimensional graphics in recent years, you will probably feel right at home with the HTML5 Canvas API because it is designed to be similar to existing systems. If you haven’t, you’re about to discover how much more powerful a rendering system can be than the previous images and CSS tricks developers have used for years to create web graphics. To programmatically use a canvas, you have to first get its context. You can then perform actions on the context and finally apply those actions to the context. You can think of making canvas modifications as similar to database transactions: you start a transaction, perform certain actions, and then commit the transaction. Canvas Coordinates As shown in Figure 2-1, coordinates in a canvas start at x=0,y=0 in the upper-left corner—which we will refer to as the origin—and increase (in pixels) horizontally over the x-axis and vertically over the y-axis. CHAPTER 2 ■ USING THE HTML5 CANVAS API 27 Figure 2-1. x and y coordinates on a canvas When Not to Use Canvas Although the canvas element is great and very useful, you should not use the canvas element when another element will suffice. For example, it would not be a good idea to dynamically draw all the different headings for an HTML document on a canvas instead of simply using heading styles (H1, H2, and so on) that are meant for that purpose. Fallback Content In case your web page is accessed by a browser that does not support the canvas element or a subset of the HTML5 Canvas API features, it is a good idea to provide an alternate source (see Table 2-1 in the "Browser Support for HTML5 Canvas" section for more on browser support). For example, you can provide an alternate image or just some text that explains what the user could be enjoying if they actually used a modern browser. Listing 2-2 shows how alternate text can be specified inside a canvas element. Browsers that do not support the canvas element will simply render this fallback content. Listing 2-2. Use of fallback text inside a canvas element Update your browser to enjoy canvas! Instead of the previous text shown, you can also point to an image that can be displayed in case the browser does not support the canvas element. 3 CHAPTER 2 ■ USING THE HTML5 CANVAS API 28 WHAT ABOUT CANVAS ACCESSIBILITY? Peter says: “Providing alternate images or alternate text raises the subject of accessibility—an area in which the HTML5 Canvas specification is, unfortunately, still lacking significantly. For example, there is no native method for inserting text alternatives for images that are being inserted into a canvas, and there is no native method to provide alternate text to match text generated with the canvas text API. At the time of this writing, there are no accessibility hooks that can be used with the dynamically generated content in a canvas, but a task force is working on designing them. Let’s hope this improves with time.” CSS and Canvas As with most HTML elements, CSS can be applied to the canvas element itself to add borders, padding, margins, etc. Additionally, some CSS values are inherited by the contents of the canvas; fonts are a good example, as fonts drawn into a canvas default to the settings of the canvas element itself. Furthermore, properties set on the context used in canvas operations follow the syntax you may already be familiar with from CSS. Colors and fonts, for example, use the same notation on the context that they use throughout any HTML or CSS document. Browser Support for HTML5 Canvas With the exception of Internet Explorer, all browsers now provide support for HTML5 Canvas. However, there are some parts of the specification that were added later that are not supported as widely. An example of this is the Canvas Text API. As a whole, however, the specification is at a very advanced stage and is unlikely to change a whole lot. As shown in Table 2-1, HTML5 Canvas is already supported in many browsers at the time of this writing. Table 2-1. Browser support for HTML5 Canvas Browser Details Chrome Supported in version 1.0 and greater Firefox Supported in version 1.5 and greater Internet Explorer Not supported Opera Supported in version 9.0 and greater Safari Supported in version 1.3 and greater As you can see, HTML5 Canvas is supported in all the browsers except Internet Explorer. If you want to use canvas in Internet Explorer, you can use the open-source project explorercanvas (http://code.google.com/p/explorercanvas). To use explorercanvas, you just need to check if Internet 7 CHAPTER 2 ■ USING THE HTML5 CANVAS API 29 Explorer is the current browser and include a script tag in your web pages to launch explorercanvas, such as the following: Universal support for the Canvas is highly desired by developers, and new projects are launched all the time to try to bring support for Canvas to older or nonstandard browser environments. Microsoft has announced support for canvas in Internet Explorer 9, so native support in all major web browsers is on the horizon. Due to the varying levels of support, it is a good idea to first test whether HTML5 Canvas is supported before you use the APIs. The section “Checking for Browser Support” later in this chapter will show you how you can programmatically check for browser support. Using the HTML5 Canvas APIs In this section, we’ll explore the use of the HTML5 Canvas APIs in more detail. For the sake of illustration—no pun intended—we will use the various HTML5 Canvas APIs to build a logo-like display of a forest scene with trees and a beautiful trail-running path suitable for a long-distance race event. Although our example will not win any awards for graphical design, it should serve to illustrate the various capabilities of HTML5 Canvas in a reasonable order. Checking for Browser Support Before you use the HTML5 canvas element, you will want to make sure there is support in the browser. This way, you can provide some alternate text in case there is no support in their antique browser. Listing 2-3 shows one way you can use to test for browser support. Listing 2-3. Checking for browser support try { document.createElement("canvas").getContext("2d"); document.getElementById("support").innerHTML = "HTML5 Canvas is supported in your browser."; } catch (e) { document.getElementById("support").innerHTML = "HTML5 Canvas is not supported  in your browser."; } In this example, you try to create a canvas object and access its context. If there is an error, you will catch it and know that Canvas is not supported. A previously defined support element on the page is updated with a suitable message to reflect whether there is browser support or not. This test will indicate whether the canvas element itself is supported by the browser. It will not indicate which capabilities of the Canvas are supported. At the time of this writing, the API is stable and well-supported, so this should generally not be an issue to worry about. Additionally, it is a good idea to supply fallback content to your canvas element, as shown in Listing 2-3. CHAPTER 2 ■ USING THE HTML5 CANVAS API 30 Adding a Canvas to a Page Adding a canvas element in an HTML page is pretty straight-forward. Listing 2-4 shows the canvas element that can be added to an HTML page. Listing 2-4. The canvas element The resulting canvas will show up as an “invisible” 200 × 200 pixel rectangle on your page. If you want to add a border around it, you could use the HTML code shown in Listing 2-5 to style the canvas with normal CSS borders. Listing 2-5. Canvas element with a solid border Note the addition of the ID diagonal to make it easy to locate this canvas element programmatically. An ID attribute is crucial to any canvas because all the useful operations on this element must be done through scripting. Without an ID, you will have difficulty locating the element to interoperate with it. Figure 2-2 shows what the canvas in Listing 2-5 would look like in a browser. Figure 2-2. A simple HTML5 canvas element on an HTML page Not very exciting, but as any artist would tell you, it is full of potential. Now, let’s do something with this pristine canvas. As mentioned before, it is not easy to draw a diagonal line on a web page without HTML5 Canvas. Let’s see how easy it is now that we can use Canvas. Listing 2-6 shows how, with just a few lines of code, you can draw a diagonal line on the canvas we added to the page earlier. CHAPTER 2 ■ USING THE HTML5 CANVAS API 31 Listing 2-6. Creating a diagonal line on a canvas Let’s examine the JavaScript code used to create the diagonal line. It is a simple example, but it captures the essential flow of working with the HTML5 Canvas API: You first gain access to the canvas object by referencing a particular canvas’s ID value. In this example, the ID is diagonal. Next, you create a context variable and you call the canvas object’s getContext method, passing in the type of canvas you are looking for. You pass in the string “2d” to get a two-dimensional context—the only available context type at this time. ■ Note A three-dimensional context might be supported in a future version of the specification. You then use the context to perform drawing operations. In this case, you can create the diagonal line by calling three methods—beginPath, moveTo, and lineTo—passing in the line’s start and end coordinates. The drawing methods moveTo and lineTo do not actually create the line; you finalize a canvas operation and draw the line by calling the context.stroke(); method. Figure 2-3 shows the diagonal line created with the example code. CHAPTER 2 ■ USING THE HTML5 CANVAS API 32 Figure 2-3. Diagonal line on a canvas Triumph! Although this simple line may not appear to be the start of a revolution, keep in mind that drawing a diagonal line between two arbitrary points using classic HTML techniques was a very difficult maneuver involving stretched images, strange CSS and DOM objects, or other forms of black magic. Let us never speak of them again. As you can see from this example’s code, all operations on the canvas are performed via the context object. This will hold true for the rest of your interaction with the canvas because all the important functions with visual output are accessible only from the context, not the canvas object itself. This flexibility allows the canvas to support different types of drawing models in the future, based on the type of context that is retrieved from the canvas. Although we will frequently refer in this chapter to actions we will take on the canvas, keep in mind that this actually means that we will be working with the context object that the canvas supplies. As demonstrated in the previous example, many operations on the context do not immediately update the drawing surface. Functions such as beginPath, moveTo, and lineTo do not modify the canvas appearance immediately. The same is true of many functions that set the styling and preferences of the canvas. Only when a path is stroked or filled does it appear on the display. Otherwise, the canvas will only be immediately updated when images are displayed, text is shown, or rectangles are drawn, filled, or cleared. Applying Transformations to Drawings Now let’s look at another way to draw on the canvas using transformation. In the following example, the result is identical to the previous example, but the code used to draw the diagonal line is different. For this simple example, you could argue that the use of transformation adds unnecessary complexity. However, you can think of using transformation as a best practice for more complex canvas operations and you’ll see that we’ll use it a lot throughout the remaining examples, and it is critical to understanding the HTML5 Canvas API’s complex capabilities. Perhaps the easiest way to think of the transformation system—at least, the easiest way that does not involve a great amount of mathematical formulae and hand-waving—is as a modification layer that sits between the commands you issue and the output on the canvas display. This modification layer is always present, even if you choose not to interact with it. CHAPTER 2 ■ USING THE HTML5 CANVAS API 33 Modifications, or transformations in the parlance of drawing systems, can be applied sequentially, combined, and modified at will. Every drawing operation is passed through the modification layer to be modified before it appears on the canvas. Although this adds an extra layer of complexity, it also adds tremendous power to the drawing system. It grants access to the powerful modifications that modern image-editing tools support in real time, yet in an API that is only as complex as it absolutely needs to be. Don’t be fooled into thinking that you are optimizing performance if you don’t use transformation calls in your code. The canvas implementation uses and applies transformations implicitly in its rendering engine, whether or not you call them directly. It is wiser to understand the system up front because it will be crucial to know if you step outside the most basic drawing operations. A key recommendation for reusable code is that you usually want to draw at the origin (coordinate 0,0) and apply transformations—scale, translate, rotate, and so forth—to modify your drawing code into its final appearance, as shown in Figure 2-4. Figure 2-4. Overview of transformation and drawing at the origin Listing 2-7 shows this best practice in action using the simplest transform: translate. CHAPTER 2 ■ USING THE HTML5 CANVAS API 34 Listing 2-7. Using translation to create a diagonal line on a canvas Let’s examine the JavaScript code used to create this second, translated diagonal line. 1. First, you access the canvas object by referencing its ID value (in this case, diagonal). 2. You then retrieve a context variable by calling the canvas object’s getContext function. 3. Next, you want to save the still unmodified context so you can get back to its original state at the end of the drawing and transformation operation. If you do not save the state, the modifications you’re making during the operation (translate, scale, and so on) will continue to be applied to the context in future operations, and that might not be desirable. Saving the context state before transforming it will allow us to restore it later. 4. The next step is to apply the translate method to the context. With this operation, the translation coordinates you supply will be added to the eventual drawing coordinates (the diagonal line) at the time any drawing is rendered, thus moving the line to its final location, but only after the drawing operation is complete. 5. After the translation has been applied, you can perform the normal drawing operations to create the diagonal line. In this case, you can create the diagonal line by calling three methods—beginPath, moveTo, and lineTo—this time drawing at the origin (0,0) instead of coordinates 70,140. CHAPTER 2 ■ USING THE HTML5 CANVAS API 35 6. After the line has been sketched, you can render it to the canvas (for example, draw the line) by calling the context.stroke method. 7. Finally, you restore the context to its clean original state, so that future canvas operations are performed without the translation that was applied in this operation. Figure 2-5 shows the diagonal line created with the example code. Figure 2-5. Translated diagonal line on a canvas Even though your new line looks remarkably like the old one, you created it using the power of transformations, something that will become more apparent as we progress through the rest of this chapter. Working with Paths Although we could offer many more exciting examples for drawing lines, we are ready now to progress to something a bit more complex: paths. Paths in the HTML5 Canvas API represent any shape you care to render. Our original line example was a path, as you might have gathered from the conspicuous beginPath call used to start it off. But paths can be as complicated as you desire, with multiple line and curve segments and even subpaths. If you are looking to draw almost any shape on a canvas, the path API will be your focus point. When embarking on any routine to draw a shape or path, the first call you make is beginPath. This simple function takes no arguments, but it signals to the canvas that you wish to start a new shape description. This function is mostly useful to the canvas so that it can calculate the interior and exterior of the shape you are creating for later fills and strokes. A path always tracks the concept of a current location, which defaults to the origin. The canvas internally tracks the current location, but you will modify it with your drawing routines. Once the shape is begun, you can use a variety of functions on the context to plot the layout of your shape. You’ve already seen the simplest context pathing functions in action: CHAPTER 2 ■ USING THE HTML5 CANVAS API 36 • moveTo(x, y): moves the current location to a new destination of (x, y) without drawing. • lineTo(x, y): moves the current location to a new destination of (x, y) drawing a straight line from the current position to the new one. Essentially, the difference between these two calls is that the first is akin to lifting a drawing pen and moving to a new location, whereas the second tells the canvas to leave the pen on the paper and move it in a straight line to the new destination. However, it is worth pointing out again that no actual drawing occurs until you stroke or fill the path. At present, we are merely defining the positions in our path so that it can be drawn later. The next special pathing function is a call to closePath. This command is very similar in behavior to the lineTo function, with the difference being that the destination is automatically assumed to be the origination of the path. However, the closePath also informs the canvas that the current shape has closed or formed a completely contained area. This will be useful for future fills and strokes. At this point, you are free to continue with more segments in your path to create additional subpaths. Or you can beginPath at any time to start over and clear the path list entirely. As with most complex systems, it is often better to see them in action. Let’s depart from our line examples and use the HTML5 Canvas API to start to create a new scene that illustrates a forest with a trail-running path. This scene will serve as a logo of sorts for our race event. And as with any picture, we will start with a basic element, which in this case is the canopy of a simple pine tree. Listing 2-8 shows how to draw the pine tree’s canopy. Listing 2-8. Function that creates a path for a tree canopy function createCanopyPath(context) { // Draw the tree canopy context.beginPath(); context.moveTo(-25, -50); context.lineTo(-10, -80); context.lineTo(-20, -80); context.lineTo(-5, -110); context.lineTo(-15, -110); // Top of the tree context.lineTo(0, -140); context.lineTo(15, -110); context.lineTo(5, -110); context.lineTo(20, -80); context.lineTo(10, -80); context.lineTo(25, -50); // Close the path back to its start point context.closePath(); } As you can see from the code, we used the same move and line commands from before, but more of them. These lines form the branches of a simple tree shape, and we close the path back at the end. Our CHAPTER 2 ■ USING THE HTML5 CANVAS API 37 tree will leave a notable gap at the bottom, and we will use this in future sections to draw the trunk. Listing 2-9 shows how to use that canopy drawing function to actually render our simple tree shape onto a canvas. Listing 2-9. Function that draws a tree on the canvas function drawTrails() { var canvas = document.getElementById('trails'); var context = canvas.getContext('2d'); context.save(); context.translate(130, 250); // Create the shape for our canopy path createCanopyPath(context); // Stroke the current path context.stroke(); context.restore(); } All the calls in this routine should be familiar to you already. We fetch the canvas context, save it for future reference, translate our position to a new location, draw the canopy, stroke it onto the canvas, and then restore our state. Figure 2-6 shows the results of our handiwork, a simply line representation of a tree canopy. We’ll expand on this as we go forward, but it’s a good first step. Figure 2-6. A simple path of a tree canopy CHAPTER 2 ■ USING THE HTML5 CANVAS API 38 Working with Stroke Styles The HTML5 Canvas API wouldn’t be powerful or popular if developers were stuck using simple stick drawings and black lines. Let’s use the stroke styling capabilities to make our canopy a little more tree- like. Listing 2-10 shows some basic commands that can modify the properties of the context in order to make the stroked shape look more appealing. Listing 2-10. Using a stroke style // Increase the line width context.lineWidth = 4; // Round the corners at path joints context.lineJoin = 'round'; // Change the color to brown context.strokeStyle = '#663300'; // Finally, stroke the canopy context.stroke(); By adding the above properties before stroking, we change the appearance of any future stroked shapes—at least until we restore the context back to a previous state. First, we increase the width of the stroked lines to four pixels. Next, we set the lineJoin property to round, which causes the joints of our shape’s segments to take on a more rounded corner shape. We could also set the lineJoin to bevel or miter (and the corresponding context.miterLimit value to tweak it) to choose other corner options. Finally, we change the color of the stroke by using the strokeStyle property. In our example, we are setting the color to a CSS value, but as you will see in later sections, it is also possible to set the strokeStyle to be an image pattern or a gradient for fancier displays. Although we are not using it here, we could also set the lineCap property to be either butt, square, or round to specify how lines should display at the endpoints. Alas, our example has no dangling line ends. Figure 2-7 shows our spruced-up tree canopy, now stroked with a wider, smoother, brown line instead of the flat black line from before. CHAPTER 2 ■ USING THE HTML5 CANVAS API 39 Figure 2-7. Stylish stroked tree canopy Working with Fill Styles As you might expect, stroking is not the only way to affect the appearance of canvas shapes. The next common way to modify a shape is to specify how its paths and subpaths are filled. Listing 2-11 shows how simple it is to fill our canopy with a pleasant, green color. Listing 2-11. Using a fill style // Set the fill color to green and fill the canopy context.fillStyle = '#339900'; context.fill(); First, we set the fillStyle to the appropriate color. As we will see later, it is also possible to set the fill to be a gradient or an image pattern. Then, we simply call the context’s fill function to let the canvas fill all the pixels inside all the closed paths of our current shape, as shown in Figure 2-8. CHAPTER 2 ■ USING THE HTML5 CANVAS API 40 Figure 2-8. Filled tree canopy Because we stroked our canopy before filling it, the fill covers part of the stroked path. This is due to the fact that the wide stroke—in our case, four pixels wide—is centered along the line of the path shape. The fill applies to all pixels on the interior of the shape, and as such it will cover half of the stroked line pixels. Should you prefer the full stroke to appear, you can simply fill before stroking the path. Filling Rectangular Content Every tree deserves a strong foundation. Thankfully, we left space for our tree trunk in the original shape path. Listing 2-12 shows how we can add the simplest rendering of a tree trunk by using the fillRect convenience function. Listing 2-12. Using the fillRect convenience fucntion // Change fill color to brown context.fillStyle = '#663300'; // Fill a rectangle for the tree trunk context.fillRect(-5, -50, 10, 50); Here, we once again set a brown fill style. But instead of explicitly drawing the corners of our trunk rectangle using the lineTo ability, we will draw the entire trunk in one step by using fillRect. The fillRect call takes the x and y location, as well as the width and height, and then immediately fills it with the current fill style. CHAPTER 2 ■ USING THE HTML5 CANVAS API 41 Although we are not using them here, corresponding functions exist to strokeRect and clearRect. The former will draw the outline of the rectangle based on a given position and dimension, while the latter will remove any content from the rectangular area and reset it to its original, transparent color. CANVAS ANIMATIONS Brian says: “The ability to clear rectangles in the canvas is core to creating animations and games using the HTML5 Canvas API. By repeatedly drawing and clearing sections of the canvas, it is possible to present the illusion of animation, and many examples of this already exist on the Web. However, to create animations that perform smoothly, you will need to utilize clipping features and perhaps even a secondary buffered canvas to minimize the flickering caused by frequent canvas clears. Although animations are beyond the scope of this book, feel free to explore!” Figure 2-9 shows our simple, flatly filled tree trunk attached to our previous canopy path. Figure 2-9. Tree with filled rectangular trunk CHAPTER 2 ■ USING THE HTML5 CANVAS API 42 Drawing Curves The world, particularly the natural world, is not filled with straight lines and rectangles. Fortunately, the canvas provides a variety of functions for creating curves in our paths. We will demonstrate the simplest option—a quadratic curve—to form a path through our virtual forest. Listing 2-13 demonstrates the addition of two quadratic curves. Listing 2-13. Drawing a curve // Save the canvas state and draw the path context.save(); context.translate(-10, 350); context.beginPath(); // The first curve bends up and right context.moveTo(0, 0); context.quadraticCurveTo(170, -50, 260, -190); // The second curve continues down and right context.quadraticCurveTo(310, -250, 410,-250); // Draw the path in a wide brown stroke context.strokeStyle = '#663300'; context.lineWidth = 20; context.stroke(); // Restore the previous canvas state context.restore(); As before, one of the first things we will do is save our canvas context state, because we will be modifying the translation and stroke options here. For our forest path, we will start by moving back to the origin and drawing a first quadratic curve up and to the right. As shown in Figure 2-10, the quadraticCurveTo function begins at the current drawing location and takes two x, y point locations as its parameters. The second one is the final stop in our curve. The first one represents a control point. The control point sits to the side of the curve (not on it) and acts almost as a gravitational pull for the points along the curve path. By adjusting the location of the control point, you can adjust the curvature of the path you are drawing. We draw a second quadratic curve up and to the right to complete our path; then stroke it just as we did for our tree canopy before (only wider). CHAPTER 2 ■ USING THE HTML5 CANVAS API 43 Figure 2-10. Quadratic curve start, end, and control points Other options for curves in the HTML5 Canvas API include the bezierCurveTo, arcTo, and arc functions. These curves take additional control points, a radius, or angles to determine the characteristics of the curve. Figure 2-11 shows the two quadratic curves stroked on our canvas to create a path through the trees. Figure 2-11. Quadratic curves for a path CHAPTER 2 ■ USING THE HTML5 CANVAS API 44 Inserting Images into a Canvas Images can be extremely handy to display inside a canvas. They can be stamped, stretched, modified with transformations, and often be the focus of the entire canvas. Thankfully, the HTML5 Canvas API includes a few simple commands for adding image content to the canvas. But images also add a complication to the canvas operations: you must wait for them to load. Browsers will usually be loading images asynchronously as your page script is rendering. However, if you attempt to render an image onto a canvas before it has completely loaded, the canvas will fail to render any image at all. As such, you should be careful to make sure the image is loaded completely before you attempt to render it. To solve this problem in our simple forest trail example, we will load an image of a bark texture to use directly in the canvas. In order to make sure that the image has completed loading before we render, we will switch the loading code to only execute as a callback from image loading completion, as shown in Listing 2-14. Listing 2-14. Loading the image // Load the bark image var bark = new Image(); bark.src = "bark.jpg"; // Once the image is loaded, draw on the canvas bark.onload = function () { drawTrails(); } As you can see, we’ve added an onload handler to the bark.jpg image to call the main drawTrails function only when the image loading has completed. This guarantees that the image will be available to the next calls we add to the canvas rendering, as shown in Listing 2-15. Listing 2-15. Drawing an image on a canvas // Draw the bark pattern image where // the filled rectangle was before context.drawImage(bark, -5, -50, 10, 50); Here, we have replaced the previous call to fillRect with a simple routine to display our bark image as the new trunk for our tree. Although the image is a subtle replacement, it provides more texture to our display. Note that in this call, we are specifying an x, y, width, and height argument in addition to the image itself. This option will scale the image to fit into the 10 × 50 pixel space that we have allocated for our trunk. We could also have passed in source dimensions to have more control over the clipping area of the incoming image to be displayed. As you can see in Figure 2-12, the change to the appearance of our trunk is only slightly different from the filled rectangle we used before. CHAPTER 2 ■ USING THE HTML5 CANVAS API 45 Figure 2-12. Tree with an image used for trunk Using Gradients Not satisfied with the tree trunk? Well, neither are we. Let’s take another approach to drawing our tree trunk that uses a little more finesse: gradients. Gradients allow you to apply a gradual algorithmic sampling of colors as either a stroke or fill style, just like the patterns were applied in the last section. Creating gradients requires a three-step process: 1. Create the gradient object itself. 2. Apply color stops to the gradient object, signaling changes in color along the transition. 3. Set the gradient as either a fillStyle or a strokeStyle on the context. It is perhaps easiest to think of gradients as a smooth change of color that moves along a line. For example, if you supply points A and B as the arguments to the creation of a gradient, the color will be transitioned for any stroke or fill that moves in the direction of point A to point B. To determine what colors are displayed, simply use the addColorStop function on the gradient object itself. This function allows you to specify an offset and a color. The color argument is the color you want to be applied in the stroke or fill at the offset position. The offset position is a value between 0.0 and 1.0, representing how far along the gradient line the color should be reached. If you create a gradient from point (0,0) to point (0,100) and specify a white color stop at offset 0.0 and a black offset at offset 1.0, then when the stroke or fill occurs, you will see the color gradually shift from white (the beginning color stop) to black (the end color stop) as the rendering moves from point (0,0) to point (0,100). CHAPTER 2 ■ USING THE HTML5 CANVAS API 46 As with other color values, it is possible to supply an alpha (for example, transparency) value as part of the color and make that alpha value transition as well. To do so, you will need to use another textual representation of the color value, such as the CSS rgba function that includes an alpha component. Let’s see this in more detail with a code sample that applies two gradients to a fillRect representing our final tree trunk, as shown in Listing 2-16. Listing 2-16. Using a gradient // Create a 3 stop gradient horizontally across the trunk var trunkGradient = context.createLinearGradient(-5, -50, 5, -50); // The beginning of the trunk is medium brown trunkGradient.addColorStop(0, '#663300'); // The middle-left of the trunk is lighter in color trunkGradient.addColorStop(0.4, '#996600'); // The right edge of the trunk is darkest trunkGradient.addColorStop(1, '#552200'); // Apply the gradient as the fill style, and draw the trunk context.fillStyle = trunkGradient; context.fillRect(-5, -50, 10, 50); // A second, vertical gradient creates a shadow from the // canopy on the trunk var canopyShadow = context.createLinearGradient(0, -50, 0, 0); // The beginning of the shadow gradient is black, but with // a 50% alpha value canopyShadow.addColorStop(0, 'rgba(0, 0, 0, 0.5)'); // Slightly further down, the gradient completely fades to // fully transparent. The rest of the trunk gets no shadow. canopyShadow.addColorStop(0.2, 'rgba(0, 0, 0, 0.0)'); // Draw the shadow gradient on top of the trunk gradient context.fillStyle = canopyShadow; context.fillRect(-5, -50, 10, 50); Applying these two gradients creates a nice, smooth light source on our rendered tree as shown in Figure 2-13, making it appear curved and covered by a slight shadow from the canopy above. Let’s keep it. CHAPTER 2 ■ USING THE HTML5 CANVAS API 47 Figure 2-13. Tree with gradient trunk Besides the linear gradient used in our example, the HTML5 Canvas API also supports a radial gradient option that allows you to specify two circular representations in which the color stops are applied to the cone between the two circles. The radial gradient uses the same color stops as the linear gradient, but takes its arguments in the form shown in Listing 2-17. Listing 2-17. Example of applying a radial gradient createRadialGradient(x0, y0, r0, x1, y1, r1) In this example, the first three arguments represent a circle centered at (x0, y0) with radius r0, and the last three arguments represent a second circle centered at (x1, y1) with radius r1. The gradient is drawn across the area between the two circles. Using Background Patterns Direct rendering of images has many uses, but in some cases it is beneficial to use an image as a background tile, similar to the capability available in CSS. We’ve already seen how it is possible to set a stroke or fill style to be a solid color. The HTML5 Canvas API also includes an option to set an image as a repeatable pattern for either a path stroke or fill. To make our forest trail appear a bit more rugged, we will demonstrate the capability by replacing the previous stroked trail curve with one that uses a background image fill. In doing so, we’ll swap out our now-unused bark image for a gravel image that we will put to use here. Listing 2-18 shows we replace the call to drawImage with a call to createPattern. CHAPTER 2 ■ USING THE HTML5 CANVAS API 48 Listing 2-18. Using a background pattern // Replace the bark image with // a trail gravel image var gravel = new Image(); gravel.src = "gravel.jpg"; gravel.onload = function () { drawTrails(); } // Replace the solid stroke with a repeated // background pattern context.strokeStyle = context.createPattern(gravel, 'repeat'); context.lineWidth = 20; context.stroke(); As you can see, we are still calling stroke() for our path. However, this time we have set a strokeStyle property on the context first, passing in the result of a call to context.createPattern. Oh, and once again the image needs to be previously loaded in order for the canvas to perform the operation. The second argument is a repetition pattern that can be one of the choices shown in Table 2-2. Table 2-2. Repetition Patterns Repeat Value repeat (Default) The image is repeated in both directions repeat-x The image is repeated only in the X dimension repeat-y The image is repeated only in the Y dimension no-repeat The image is displayed once and not repeated Figure 2-14 shows the result of the use of a background image rather than an explicitly drawn image to represent our trail. CHAPTER 2 ■ USING THE HTML5 CANVAS API 49 Figure 2-14. A trail with a repeating background pattern Scaling Canvas Objects What kind of forest has only one tree? Let’s fix that right away. To make this a little easier, we will adjust our code sample to isolate the tree drawing operations to a single routine, called drawTree, as shown in Listing 2-19. Listing 2-19. Function to draw the tree object // Move tree drawing into its own function for reuse function drawTree(context) { var trunkGradient = context.createLinearGradient(-5, -50, 5, -50); trunkGradient.addColorStop(0, '#663300'); trunkGradient.addColorStop(0.4, '#996600'); trunkGradient.addColorStop(1, '#552200'); context.fillStyle = trunkGradient; context.fillRect(-5, -50, 10, 50); var canopyShadow = context.createLinearGradient(0, -50, 0, 0); canopyShadow.addColorStop(0, 'rgba(0, 0, 0, 0.5)'); canopyShadow.addColorStop(0.2, 'rgba(0, 0, 0, 0.0)'); context.fillStyle = canopyShadow; context.fillRect(-5, -50, 10, 50); createCanopyPath(context); CHAPTER 2 ■ USING THE HTML5 CANVAS API 50 context.lineWidth = 4; context.lineJoin = 'round'; context.strokeStyle = '#663300'; context.stroke(); context.fillStyle = '#339900'; context.fill(); } As you can see, the drawTree function contains all the code we previously created to draw the canopy, trunk, and trunk gradient. Now we will use one of the transformation routines— context.scale—to draw a second tree at a new location and with a larger size, as shown in Listing 2-20. Listing 2-20. Drawing the tree objects // Draw the first tree at X=130, Y=250 context.save(); context.translate(130, 250); drawTree(context); context.restore(); // Draw the second tree at X=260, Y=500 context.save(); context.translate(260, 500); // Scale this tree twice normal in both dimensions context.scale(2, 2); drawTree(context); context.restore(); The scale function takes two factors for the x and y dimensions as its arguments. Each factor tells the canvas implementation how much larger (or smaller) to make the size in that dimension; an X factor of 2 would make all subsequent draw routines twice as wide, while a Y factor of 0.5 would make all subsequent operations half as tall as before. Using these routines, we now have an easy way to create a second tree in our trails canvas, as shown in Figure 2-15. CHAPTER 2 ■ USING THE HTML5 CANVAS API 51 Figure 2-15. Tree with a larger scale ALWAYS PERFORM SHAPE AND PATH ROUTINES AT THE ORIGIN Brian says (and really means it, this time): “This example illustrates one of the reasons why it is a good idea to perform shape and path routines at the origin; then translate them when complete, as we do here in our code. The reason is that transforms such as scale and rotate operate from the origin. If you perform a rotate transform to a shape drawn off origin, a rotate transform will rotate the shape around the origin rather than rotating in place. Similarly, if you performed a scale operation to shapes before translating them to their proper position, all locations for path coordinates would also be multiplied by the scaling factor. Depending on the scale factor applied, this new location could even be off the canvas altogether, leaving you wondering why your scale operation just ‘deleted’ the image.” CHAPTER 2 ■ USING THE HTML5 CANVAS API 52 Using Canvas Transforms Transform operations are not limited to scales and translates. It is also possible to rotate the drawing context using the context.rotate(angle) function or even to modify the underlying transform directly for more advanced operations such as shearing of the rendered paths. If you wanted to rotate the display of an image, you would merely need to call the series of operations shown in Listing 2-21. Listing 2-21. A rotated image context.save(); // rotation angle is specified in radians context.rotate(1.57); context.drawImage(myImage, 0, 0, 100, 100); context.restore(); In Listing 2-22, however, we will show how you can apply an arbitrary transform to the path coordinates to radically alter the display of our existing tree path in order to create a shadow effect. Listing 2-22. Using a transform // Create a 3 stop gradient horizontally across the trunk // Save the current canvas state for later context.save(); // Create a slanted tree as the shadow by applying // a shear transform, changing X values to increase // as Y values increase context.transform(1, 0,-0.5, 1, 0, 0); // Shrink the shadow down to 60% height in the Y dimension context.scale(1, 0.6); // Set the tree fill to be black, but at only 20% alpha context.fillStyle = 'rgba(0, 0, 0, 0.2)'; context.fillRect(-5, -50, 10, 50); // Redraw the tree with the shadow effects applied createCanopyPath(context); context.fill(); // Restore the canvas state context.restore(); Modifying the context transform directly as we’ve done here is something you should attempt only if you are familiar with the matrix mathematics underpinning two-dimensional drawing systems. If you check the math behind this transform, you will see that we are shifting the X values of our drawing by a CHAPTER 2 ■ USING THE HTML5 CANVAS API 53 factor of the corresponding Y values in order to shear the gray tree being used as a shadow. Then, by applying a scale factor of 60%, the sheared tree is decreased in size. Note that the sheared “shadow” tree is rendered first, so that the actual tree appears above it in Z- order (the order in which the canvas objects overlap). Also, the shadow tree is drawn using the CSS notation for RGBA, which allows us to set the alpha value to only 20% of normal. This creates the light, semitransparent look for the shadow tree. Once applied to our scaled trees, the output renders as shown in Figure 2-16. Figure 2-16. Trees with transformed shadows Using Canvas Text As we approach the end of our trail creation, let’s demonstrate the power of the HTML5 Canvas API text functions by adding a fancy title to the top of our display. It is important to note that text rendering on a canvas is treated the same way as any other path object: text can be stroked or filled, and all rendering transformations and styles can apply to text just as they do to any other shape. As you might expect, the text drawing routines consist of two functions on the context object: • fillText (text, x, y, maxwidth) • strokeText (text, x, y, maxwidth) CHAPTER 2 ■ USING THE HTML5 CANVAS API 54 Both functions take the text as well as the location at which it should be drawn. Optionally, a maxwidth argument can be provided to constrain the size of the text by automatically shrinking the font to fit the given size. In addition, a measureText function is available to return a metrics object containing the width of the given text should it be rendered using the current context settings. As is the case with all browser text display, the actual appearance of the text is highly configurable using context properties that are similar to their CSS counterparts, as shown in Table 2-3. Table 2-3. Possible settings for background pattern repetition Property Values Note font CSS font string Example: italic Arial, sans-serif textAlign start, end, left, right, center Defaults to start textBaseline top, hanging, middle, alphabetic, ideographic, bottom Defaults to alphabetic All these context properties can be set to alter the context or accessed to query the current values. In Listing 2-23, we will create a large text message with the font face Impact and fill it with the background pattern of our existing bark image. In order to center the text across the top of our canvas, we will declare a maximum width and a center alignment. Listing 2-23. Using canvas text // Draw title text on our canvas context.save(); // The font will be 60 pixel, Impact face context.font = "60px impact"; // Use a brown fill for our text context.fillStyle = '#996600'; // Text can be aligned when displayed context.textAlign = 'center'; // Draw the text in the middle of the canvas with a max // width set to center properly context.fillText('Happy Trails!', 200, 60, 400); context.restore(); As you can see from the result in Figure 2-17, the trail drawing just got a whole lot—you guessed it— happier. CHAPTER 2 ■ USING THE HTML5 CANVAS API 55 Figure 2-17. Background pattern-filled text Applying Shadows Finally, we will use the built-in canvas shadow API to add a blurred shadow effect to our new text display. Like many graphical effects, shadows are best applied in moderation, even though the HTML5 Canvas API allows you to apply shadows to any operation we have already covered. Once again, shadows are controlled by a few global context properties, as shown in Table 2-4. Table 2-4. Shadow properties Property Values Note shadowColor Any CSS color Can include an alpha component shadowOffsetX Pixel count Positive values move shadow to the right, negative left shadowOffsetY Pixel count Positive values move shadow down, negative up shadowBlur Gaussian blur Higher values cause blurrier shadow edges CHAPTER 2 ■ USING THE HTML5 CANVAS API 56 The shadow effect is triggered on any path, text, or image render if the shadowColor and at least one of the other properties is set to a nondefault value. Listing 2-24 shows how we can apply a shadow to our new trails title text. Listing 2-24. Applying a shadow // Set some shadow on our text, black with 20% alpha context.shadowColor = 'rgba(0, 0, 0, 0.2)'; // Move the shadow to the right 15 pixels, up 10 context.shadowOffsetX = 15; context.shadowOffsetY = -10; // Blur the shadow slightly context.shadowBlur = 2; With these simple additions, the canvas renderer will automatically apply shadows until the canvas state is restored or the shadow properties are reset. Figure 2-18 shows the newly applied shadows. Figure 2-18. Title with shadowed text CHAPTER 2 ■ USING THE HTML5 CANVAS API 57 As you can see, the shadow generated by CSS is positional only and not in sync with the transformational shadow we created for our tree. For the sake of consistency, you should probably only use one approach to drawing shadows in a given canvas scene. Working with Pixel Data One of the most useful—albeit nonobvious—aspects of the Canvas API is the ability for developers to easily get access to the underlying pixels in the canvas. This access works in both directions: it is trivial to get access to the pixel values as a numerical array, and it is equally easy to modify those values and apply them back to the canvas. In fact, it is entirely possible to manipulate the canvas entirely through the pixel value calls and forgo the rendering calls we’ve discussed in this chapter. This is made possible by the existence of three functions on the context API. First up is context.getImageData(sx, sy, sw, sh). This function returns a representation of the current state of the canvas display as a collection of integers. Specifically, it returns an object containing three properties: • width: The number of pixels in each row of the pixel data • height: The number of pixels in each column of the pixel data • data: A one-dimensional array containing the actual RGBA values for each pixel retrieved from the canvas. This array contains four values for each pixel—a red, green, blue, and alpha component—each with a value from 0 to 255. Therefore, each pixel retrieved from the canvas becomes four integer values in the data array. The data array is populated by pixels from left to right and top to bottom (for example, across the first row, then across the second row, and so on), as shown in Figure 2-19. Figure 2-19. Pixel data and the internal data structure that represents it CHAPTER 2 ■ USING THE HTML5 CANVAS API 58 The data returned by the call to getImageData is limited to the region defined by the four parameters. Only canvas pixels contained in the rectangular region surrounded by the source x, y, width, and height parameters will be retrieved. Therefore, to access all pixel values as data, you should pass in getImageData(0, 0, canvas.width, canvas.height). Because there are four image data values representing each pixel, it can be a little tricky to calculate exactly which index represents the values for a given pixel. The formula is as follows. For any pixel at coordinate (x,y) in a canvas with a given width and height, you can locate the component values: • Red component: ((width * y) + x) * 4 • Green component: ((width * y) + x) * 4 + 1 • Blue component: ((width * y) + x) * 4 + 2 • Alpha component: ((width * y) + x) * 4 + 3 Once you have access to the object with image data, it is quite easy to modify the pixel values in the data array mathematically, because they are each simply integers from 0 to 255. Changing the red, green, blue, or alpha values for one or more pixels makes it easy to update the canvas display by using the second function: context.putImageData(imagedata, dx, dy). putImageData allows you to pass in a set of image data in the same format as it was originally retrieved; that’s quite handy because you can modify the values the canvas originally gave you and put them back. Once this function is called, the canvas will immediately update to reflect the new values of the pixels you passed in as the image data. The dx and dy parameters allow you to specify an offset for where to start applying your data array into the existing canvas, should you choose to use one. Finally, if you want to start from scratch with a set of blank canvas data, you can call context.createImageData(sw, sh) to create a new set of image data tied to the canvas object. This set of data can be programmatically changed as before, even though it does not represent the current state of the canvas when retrieved. Implementing Canvas Security There is an important caveat to using pixel manipulation, as described in the previous section. Although most developers would use pixel manipulation for legitimate means, it is quite possible that the ability to fetch and update data from a canvas could be used for nefarious purposes. For this reason, the concept of an origin-clean canvas was specified, so that canvases that are tainted with images from origins other than the source of the containing page cannot have their data retrieved. As shown in Figure 2-20, if a page served up from http://www.example.com contains a canvas element, it is entirely possible that the code in the page could try to render an image from http://www.remote.com inside the canvas. After all, it is perfectly acceptable to render images from remote sites inside any given web page. CHAPTER 2 ■ USING THE HTML5 CANVAS API 59 Figure 2-20. Local and remote image sources However, before the arrival of the Canvas API, it was not possible to programmatically retrieve the pixel values of a downloaded image. Private images from other sites could be displayed in a page but not read or copied. Allowing scripts to read image data from other origins would effectively share users' photographs and other sensitive online image file with the entire web. In order to prevent this, any canvas that contains images rendered from remote origins will throw a security exception if the getImageData function is called. It is perfectly acceptable to render remote images into a canvas from another origin as long as you (or any other scriptwriter) do not attempt to fetch the data from that canvas after it has been tainted. Be aware of this limitation and practice safe rendering. Building an Application with HTML5 Canvas There are many different application possibilities for using the Canvas API: graphs, charts, image editing, and so on. However, one of the most intriguing uses for the canvas is to modify or overlay existing content. One popular type of overlay is known as a heatmap. Although the name implies a temperature measurement, the heat in this case can refer to any level of measurable activity. Areas on the map with high levels of activity are colored as hot (for example, red, yellow, or white). Areas with less activity show no color change at all, or minimal blacks and grays. For example, a heatmap can be used to indicate traffic on a city map, or storm activity on a global map. And situations such as these are easy to implement in HTML5 by combining a canvas display with an underlying map source. Essentially, the canvas can be used to overlay the map and draw the heat levels based on the appropriate activity data. Let’s build a simple heatmap using the capabilities we learned about in the Canvas API. In this case, our heat data source will be not external data, but the movement of our mouse across the map. Moving the mouse over a portion of the map will cause the heat to increase, and holding the mouse at a given position will rapidly increase the temperature to maximum levels. We can overlay such a heatmap display(shown in Figure 2-21) on a nondescript terrain map, just to provide a sample case. CHAPTER 2 ■ USING THE HTML5 CANVAS API 60 Figure 2-21. The heatmap application Now that you’ve seen the end result of our heatmap application, let’s step through the code sample. As usual, the working examples are available online for your download and perusal. Let’s start with the HTML elements declared in this example. For this display, the HTML consists of only a title, a canvas, and a button we can use to reset the heatmap. The background display for the canvas consists of a simple mapbg.jpg applied to the canvas via CSS as shown in Listing 2-25. Listing 2-25. The heatmap canvas element

Heatmap

We also declare some initial variables to be used later in the example. var points = {}; var SCALE = 3; var x = -1; var y = -1; CHAPTER 2 ■ USING THE HTML5 CANVAS API 61 Next, we will set the canvas to have a high transparency value for its global drawing operations, and set the composite mode to cause new draws to lighten the underlying pixels rather than replace them. Then, as shown in Listing 2-26, we will set a handler to change the display—addToPoint—every time the mouse moves or one-tenth of a second passes. Listing 2-26. The loadDemo function function loadDemo() { document.getElementById("resetButton").onclick = reset; canvas = document.getElementById("heatmap"); context = canvas.getContext('2d'); context.globalAlpha = 0.2; context.globalCompositeOperation = "lighter" function sample() { if (x != -1) { addToPoint(x,y) } setTimeout(sample, 100); } canvas.onmousemove = function(e) { x = e.clientX - e.target.offsetLeft; y = e.clientY - e.target.offsetTop; addToPoint(x,y) } sample(); } If the user clicks Reset, the entire canvas area is cleared and reset to its original state by using the canvas’ clearRect function, as shown in Listing 2-27. Listing 2-27. The reset function function reset() { points = {}; context.clearRect(0,0,300,300); x = -1; y = -1; } Next we create a lookup table of colors to use when drawing heat on the canvas. Listing 2-28 shows how the colors range in brightness from least to greatest, and they will be used to represent varying levels of heat on the display. The greater the value of the intensity, the brighter the returned color. CHAPTER 2 ■ USING THE HTML5 CANVAS API 62 Listing 2-28. The getColor function function getColor(intensity) { var colors = ["#072933", "#2E4045", "#8C593B", "#B2814E", "#FAC268", "#FAD237"]; return colors[Math.floor(intensity/2)]; } Whenever the mouse moves or hovers over an area of the canvas, a point is drawn. The point grows in size (and brightness) the longer the mouse stays in the immediate area. As shown in Listing 2-29, we use the context.arc function to draw a circle of a given radius, and we draw a brighter, hotter color for larger radius values by passing the radius to our getColor function. Listing 2-29. The drawPoint function function drawPoint(x, y, radius) { context.fillStyle = getColor(radius); radius = Math.sqrt(radius)*6; context.beginPath(); context.arc(x, y, radius, 0, Math.PI*2, true) context.closePath(); context.fill(); } In the addToPoint function—which you will recall is accessed every time the mouse moves or hovers over a point—a heat value is increased and stored for that particular point on the canvas. Listing 2-30 shows that the maximum point value is 10. Once the current value of heat for a given pixel is found, the appropriate pixel is passed to drawPoint with its corresponding heat/radius value. Listing 2-30. The addToPoint function function addToPoint(x, y) { x = Math.floor(x/SCALE); y = Math.floor(y/SCALE); if (!points[[x,y]]) { points[[x,y]] = 1; } else if (points[[x,y]]==10) { return } else { points[[x,y]]++; } drawPoint(x*SCALE,y*SCALE, points[[x,y]]); } Finally, the initial loadDemo function is registered to be called whenever the window completes loading. CHAPTER 2 ■ USING THE HTML5 CANVAS API 63 window.addEventListener("load", loadDemo, true); Together, these one hundred or so lines of code illustrate how much you can do with the HTML5 Canvas API in a short amount of time, without using any plugins or external rendering technology. With an infinite number of data sources available it is easy to see how they can be visualized simply and effectively. Practical Extra: Full Page Glass Pane In the example application, you saw how you can apply a canvas on top of a graphic. You can also apply a canvas on top of the entire browser window or portions of the same—a technique commonly referred to as glass pane. Once you have positioned the glass pane canvas on top of a web page, you can do all kinds of cool and handy things with it. For example, you can use a routine to retrieve the absolute position of all the DOM elements on a page and create a step-by-step help function that can guide users of a web application through the steps they must perform to start and use the application. Or, you can use the glass pane canvas to scribble feedback on someone’s web page using the mouse events for drawing input. Some things to keep in mind if you try to use a canvas in this capacity: • You will need to set the canvas positioning to absolute and give it a specific position, width, and height. Without an explicit width and height setting, the canvas will remain at a zero pixel size. • Don’t forget to set a high Z-index on the canvas so that it floats above all the visible content. A canvas rendered under all the existing content doesn’t get much chance to shine. • Your glass pane canvas can block access to events in the content below, so be sparing in how you use it and remove it when it is unnecessary. Summary As you can see, the HTML5 Canvas API provides a very powerful way to modify the appearance of your web application without resorting to odd document hacks. Images, gradients, and complex paths can be combined to create nearly any type of display you may be looking to present. Keep in mind that you generally need to draw at the origin, load any images you want to display before attempting to draw them, and be mindful of tainting your canvas with foreign image sources. However, if you learn to harness the power of the canvas, you can create applications that were never possible in a web page before. C H A P T E R 3 ■ ■ ■ 65 Working with HTML5 Audio and Video In this chapter, we’ll explore what you can do with two important HTML5 elements—audio and video— and we’ll show you how they can be used to create compelling applications. The audio and video elements add new media options to HTML5 applications that allow you to use audio and video without plugins while providing a common, integrated, and scriptable API. First, we’ll discuss audio and video container files and codecs, and why we ended up with the codecs supported today. We’ll go on to describe lack of common codec support—the most important drawback for using the media elements—and we’ll discuss how we hope that this won’t be such a big issue in the future. We’ll also show you a mechanism for switching to the most appropriate type of content for the browser to display. Next, we’ll show you how you can use control audio and video programmatically using the APIs and finally we’ll explore the use of the HTML5 Audio and Video in your applications. Overview of HTML5 Audio and Video In the following sections, we’ll discuss some of the key concepts related to HTML5 audio and video: containers and codecs. Video Containers An audio or video file is really just a container file, similar to a ZIP archive file that contains a number of files. Figure 3-1 shows how a video file (a video container) contains audio tracks, video tracks, and additional metadata. The audio and video tracks are combined at runtime to play the video. The metadata contains information about the video such as cover art, title and subtitle, captioning information, and so on. CHAPTER 3 ■ WORKING WITH HTML5 AUDIO AND VIDEO 66 Figure 3-1. Overview of the video container Some of the popular video container formats include the following: • Audio Video Interleave (.avi) • Flash Video (.flv) • MPEG 4 (.mp4) • Matroska (.mkv) • Ogg (.ogv) CHAPTER 3 ■ WORKING WITH HTML5 AUDIO AND VIDEO 67 Audio and Video Codecs Audio and video coders/decoders (codecs) are algorithms used to encode and decode a particular audio or video stream so that they can be played back. Raw media files are enormous, so without encoding, a video or audio clip would consist of tremendous amounts of data that could be too large to transmit across the Internet in a reasonable amount of time. Without a decoder, the recipient would not be able to reconstitute the original media source from the encoded form. A codec is able to understand a specific container format and decodes the audio and video tracks that it contains. Some example audio codecs are the following: • AAC • MPEG-3 • Ogg Vorbis Example video codecs are the following: • H.264 • VP8 • Ogg Theora The Codec Wars and the Tentative Truce Some of the codecs are patent-encumbered, while others are freely available. For example, the Vorbis audio codec and the Theora video codec are freely available, while the use of the MPEG-4 and H.264 codecs are subject to license fees. Originally, the HTML5 specification was going to require that certain codecs were supported. However, some vendors did not wish to include Ogg Theora as it was not part of their existing hardware and software stacks. Apple's iPhone, for example, includes hardware accelerated decoding for h264 video but not Theora. Free systems, on the other hand, cannot include proprietary for-pay codecs without hurting downstream distribution. On top of that, the performance that certain proprietary codecs provide is a factor in the browser uptake of free codecs. This situation has led to a stalemate; there does not appear to be a single codec that all browser vendors are willing to implement. For now, the codec requirement has been dropped from the specification. However, this decision may be revisited in the future. For now, understand the current browser support and understand that you may need to re-encode your media for different environments. (You should probably be doing this already.) We do expect that support for different codecs will increase and converge over time, making the choice of common media types easy and ubiquitous. It is also possible that one codec will grow to be the de facto standard codec for the Web. Additionally, the media tags have a built in mechanism for switching to the most appropriate type of content for the browser to display to make supporting different environments easy. CHAPTER 3 ■ WORKING WITH HTML5 AUDIO AND VIDEO 68 HERE COMES WEBM Frank says: "Google introduced the WebM video format in May 2010. WebM is a new format for audio and video intended to clear up the murky media format situation on the Web. WebM files have the .webm extension and consist of VP8 video and Ogg Vorbis audio in a container based on Matroska. Google released the WebM specification and software under permissive licenses covering source code and patent rights. As a high quality format that is free for both implementers and publishers, WebM represents a significant development in the codec landscape. As far as browsers go, at least Firefox, Opera, and Chrome will support WebM natively. Opera 10.60 is already shipping with WebM support. Mozilla and Google have committed to shipping WebM in the next versions of their browsers." Audio and Video Restrictions There are a few things that are not supported in the HTML5 audio and video specification: • Streaming audio and video. That is, there is currently no standard for bitrate switching in HTML5 video; only full media files are supported by current implementations. However, there are aspects of the spec that are designed to support streaming media in the future once the formats are supported. • Media is restricted by HTTP cross-origin resource sharing. See Chapter 5 for more information about cross-origin resource sharing. • Full-screen video is not scriptable because it could be considered a security violation to let a scriptable element take over the full screen. However, browsers have the option of letting users choose to view videos in full screen through additional controls. • Accessibility for audio and video elements is not fully specified yet. Work is underway on a specification called WebSRT for subtitle support based on the popular SRT format. Browser Support for HTML5 Audio and Video As shown in Table 3-1, HTML5 audio and video elements are already supported in many browsers at the time of this writing. The table also shows the supported codecs. CHAPTER 3 ■ WORKING WITH HTML5 AUDIO AND VIDEO 69 Table 3-1. Browser support for HTML5 Video Browser Details Codec, Container Support Chrome Version 3.0 and greater Theora and Vorbis, Ogg Container H.264 and AAC, MPEG 4 Firefox Version 3.5 and greater Theora and Vorbis, Ogg Container Internet Explorer Not supported N/A Opera Version 10.5 and greater Theora and Vorbis, Ogg Container (10.5 and greater) VP8 and Vorbis, WebM Format (10.6 and greater) Safari Version 3.2 and greater H.264 and AAC, MPEG 4 Container It is always good idea to first test whether HTML5 Audio and Video are supported. The section “Checking for Browser Support” later in this chapter will show you how you can programmatically check for browser support. Using the HTML5 Audio and Video APIs In this section, we’ll explore the use of the HTML5 Audio and Video in your applications. There are two main benefits to using these HTML5 media tags over previous video-embedding techniques—usually videos embedded using the Flash, QuickTime, or Windows Media plugins—that aim to make life easier for users and developers: • The new audio and video tags remove deployment hurdles by being part of the native browser environment. Although some plugins have high install rates, they are often blocked in controlled corporate environments. Some users choose to disable these plugins due to the... ostentatious… advertising displays those plugins are also capable of, which also removes their capability to be used for media playback. Plugins are also separate vectors of attack for security issues. And plugins often have difficulty integrating their displays with the rest of browser content, causing clipping or transparency issues with certain site designs. Because plugins use a self-contained rendering model that is different from that of the base web page, developers face difficulties if elements such as popup menus or other visual elements need to cross plugin boundaries in a page. CHAPTER 3 ■ WORKING WITH HTML5 AUDIO AND VIDEO 70 • The media elements expose a common, integrated, and scriptable API to the document. As a developer, your use of the new media elements allows very simple ways to script the control and playback of content. We will see multiple examples of this later in the chapter. Of course, there is one primary drawback to using the media tags: lack of common codec support, as discussed in the earlier sections of this chapter. However, we expect that support for codecs will increase and converge over time, making the choice of common media types easy and ubiquitous. Plus, the media tags have a built-in mechanism for switching to the most appropriate type of content for the browser to display, as you will soon see. Checking for Browser Support The easiest way to check for support of the video and audio tags is to dynamically create one or both with scripting and check for the existence of a function: var hasVideo = !!(document.createElement('video').canPlayType); This simple code line will dynamically create a video element and check for the existence of the canPlayType() function. By using the !! operator, the result is converted to a Boolean value, which indicates whether or not a video object could be created. However, if video or audio support is not present, you may choose to use an enabling script that introduces media script tags into older browsers, allowing the same scriptability but using technologies such as Flash for playback. Alternatively, you can choose to include alternate content between your audio or video tags, and the alternate content will display in place of the unsupported tag. This alternate content can be used for a Flash plugin to display the same video if the browser doesn’t support the HTML5 tags. If you merely wish to display a text message for nonsupporting browsers, it is quite easy to add content inside the video or audio elements such as the following: However, if you choose to use an alternative method to render video for browsers without HTML5 media support, you can use the same element content section to provide a reference to an external plugin displaying the same media: By embedding an object element that displays a Flash video inside the video element, the HTML5 video will be preferred if it is available, and the Flash video will be used as a fallback. Unfortunately, this requires multiple versions of the video to be served up until HTML5 support is ubiquitous. s CHAPTER 3 ■ WORKING WITH HTML5 AUDIO AND VIDEO 71 MEDIA FOR EVERYONE Brian says: “Making your web applications accessible to everyone isn’t just the right thing to do; it’s good business and, in some cases, it’s the law! Users with limited vision or hearing should be presented with alternative content that meets their needs. The standards bodies designing HTML5 are keenly aware of the lack of built-in support for accessible video and audio, such as closed captioning, and are in the process of planning it now. In the meantime, developers should provide links to transcripts at a minimum, and should consider using the power of the scripting APIs in video to add synchronized text displays on or nearby the video itself. Keep in mind that the alternative content located between the video and audio elements is only displayed if the browser does not support those elements at all, and therefore is not suitable for accessible displays where the browser may support HTML5 media, but the user may not.” Understanding Media Elements Due to a wise design decision, there is much commonality between the audio and video elements in HTML5. Both audio and video support many of the same operations—play, pause, mute/unmute, load, and so on—and therefore, the common behavior was separated out into the media element section of the specification. Let’s start examining the media elements by observing what they have in common. The Basics: Declaring Your Media Element For the sake of example, we will use an audio tag to try out the common behaviors of HTML5 media. The examples in this section will be very media-heavy (surprise!), but they are included in the example support files that come with this book. For the very simplest example (the example file audio.html), let’s create a page that shows an audio player for a soothing, satisfying, and very public domain audio clip: Johann Sebastian Bach’s “Air”: HTML5 Audio This clip assumes that the HTML document and the audio file—in this case, johann_sebastian_bach_air.ogg—are served from the same directory. As shown in Figure 3-2, viewing this in a browser supporting the audio tag will show a simple control and play bar representing the audio to play. When the user clicks the play button, the audio track starts as expected. CHAPTER 3 ■ WORKING WITH HTML5 AUDIO AND VIDEO 72 Figure 3-2. Simple audio controls The controls attribute tells the browser to display common user controls for starting, stopping, and seeking in the media clip, as well as volume control. Leaving out the controls attribute hides them, and leaves the clip with no way for the user to start playing. The content between the audio tags is text representation of what the browser will display if it does not support the media tag. This is what you and your users will see if they are running an older browser. It also gives the opportunity to include an alternate renderer for the media, such as a Flash player plugin or a direct link to the media file. Using the Source Finally, we come to the most important attribute: src. In the simplest setup, a single src attribute points to the file containing the media clip. But what if the browser in question does not support that container or codec (in this case, Ogg and Vorbis)? Then, an alternate declaration can be used that includes multiple sources from which the browser can choose (see the example file audio_multisource.html): In this case, we include two new source elements instead of the src attribute on the audio tag. This allows the browser to choose which source best suits the playback capabilities it has and use the best fit as the actual media clip. Sources are processed in order, so a browser that can play multiple listed source types will use the first one it encounters. CHAPTER 3 ■ WORKING WITH HTML5 AUDIO AND VIDEO 73 ■ Note Place the media source files with the best user experience or lowest server load highest in any source list. Running this clip in a supported browser may not change what you see. But if a browser supports the MP3 format and not the Ogg Vorbis format, the media playback will now be supported. The beauty of this declaration model is that as you write code to interact with the media file, it doesn’t matter to you which container or codec was actually used. The browser provides a unified interface for you to manipulate the media, no matter which source was matched for playback. However, there is another way to give the browser hints about which media source to use. Recall that a container for media can support many different codec types, and you will understand that a browser may be misled into which types it does or does not support based on the extension of the declared source file. If you specify a type attribute that does not match your source, the browser may refuse to play the media. It may be wise to include the type only if you know it with certainty. Otherwise, it is better to omit this attribute and let the browser detect the encoding. Also note that the WebM format allows only one audio codec and one video codec. That means the .webm extension or the video/webm content-type tells you everything you need to know about the file. If a browser can play .webm, it should be able to play any valid .webm file, as shown in the following code example (and in the example file audio_type.html): As you can see, the type attribute can declare both the container and codec type. The values here represent Ogg Vorbis and MP3, respectively. The full list is governed by RFC 4281, a document maintained by the Internet Engineering Task Force (IETF), but some common combinations are listed in Table 3-2. Table 3-2. Media types and attribute values Type Attribute Value Theora video and Vorbis audio in an Ogg container type='video/ogg; codecs="theora, vorbis"' Vorbis audio in an Ogg container type='audio/ogg; codecs=vorbis' Simple baseline H.264 video and low complexity AAC audio in an MP4 container type='video/mp4; codecs="avc1.42E01E, mp4a.40.2"' MPEG-4 visual simple profile and low complexity AAC audio in an MP4 container type='video/mp4; codecs="mp4v.20.8, mp4a.40.2"' CHAPTER 3 ■ WORKING WITH HTML5 AUDIO AND VIDEO 74 Taking Control You’ve already seen that the default playback controls can be displayed by using the controls attribute in the video or audio tag. As you might expect, leaving out this attribute will not display controls when the media is displayed, but it will also not show anything at all in the case of audio files, as the only visual representation of an audio element is its controls. (A video without controls still displays the video content.) Leaving out the controls attribute should not display any content that affects the normal rendering of the page. One way to cause the media to play is to set another attribute in the tag: autoplay (see the example file audio_no_control.html): By including the autoplay attribute, the media file will play as soon as it is loaded, without any user interaction. However, most users will find this highly annoying, so use autoplay with caution. Playing audio without prompting may be intended to create an atmospheric effect or, worse, to force an advertisement on the user. But it also interferes with other audio playing on the user’s machine, and can be quite detrimental to users who rely on audible screen readers to navigate web content. If the built-in controls do not suit the layout of your user interface, or if you need to control the media element using calculations or behaviors that are not exposed in the default controls, there are many built-in JavaScript functions and attributes to help you, too. Table 3-3 lists some of the most common functions. Table 3-3. Common control functions Function Behavior load() Loads the media file and prepares it for playback. Normally does not need to be called unless the element itself is dynamically created. Useful for loading in advance of actual playback. play() Loads (if necessary) and plays the media file. Plays from the beginning unless the media is already paused at another position. pause() Pauses playback if currently active. canPlayType(type) Tests to see whether the video element can play a hypothetical file of the given MIME type. The canPlayType(type) function has a non-obvious use case: by passing in a MIME type of an arbitrary video clip to a dynamically created video element, you can use a simple script to determine whether the current browser supports that type. For example, the following code provides a quick way to determine whether the current browser can support playing videos with MIME type of fooType without displaying any visible content in the browser window: var supportsFooVideo = !!(document.createElement('video').canPlayType(‘fooType’)); CHAPTER 3 ■ WORKING WITH HTML5 AUDIO AND VIDEO 75 Table 3-4 shows a few of the read-only attributes on media elements. Table 3-4. Read-only media attributes Read-only attribute Value duration The duration of the full media clip, in seconds. If the full duration is not known, NaN is returned. paused Returns true if the media clip is currently paused. Defaults to true if the clip has not started playing. ended Returns true if the media clip has finished playing. startTime Returns the earliest possible value for playback start time. This will usually be 0.0 unless the media clip is streamed and earlier content has left the buffer. error An error code, if an error has occurred. currentSrc Returns the string representing the file that is currently being displayed or loaded. This will match the source element selected by the browser. Table 3-5 shows some of the attributes on the media elements that allow scripts to modify them and affect the playback directly. As such, they behave similar to functions. Table 3-5. Scriptable attribute values Attribute Value autoplay Sets the media clip to play upon creation or query whether it is set to autoplay. loop Returns true if the clip will restart upon ending or sets the clip to loop (or not loop). currentTime Returns the current time in seconds that has elapsed since the beginning of the playback. Sets currentTime to seek to a specific position in the clip playback. controls Shows or hides the user controls, or queries whether they are currently visible. volume Sets the audio volume to a relative value between 0.0 and 1.0, or queries the value of the same. muted Mutes or unmutes the audio, or determines the current mute state. autobuffer Tells the player whether or not to attempt to load the media file before playback is initiated. If the media is set for auto-playback, this attribute is ignored. CHAPTER 3 ■ WORKING WITH HTML5 AUDIO AND VIDEO 76 Between the various functions and attributes, it is possible for a developer to create any media playback user interface and use it to control any audio or video clip that is supported by the browser. Working with Audio If you understand the shared attributes for both audio and video media elements, you’ve basically seen all that the audio tag has to offer. So let’s look at a simple example that shows control scripting in action. Audio Activation If your user interface needs to play an audio clip for users, but you don’t want to affect the display with a playback timeline or controls, you can create an invisible audio element—one with the controls attribute unset or set to false—and present your own controls for audio playback. Consider the following simple code, also available in the sample code file audioCue.html: Audio cue Once again, we are using an audio element to play our favorite Bach tune. However, in this example we hide user controls and don’t set the clip to autoplay on load. Instead, we have created a toggle button to control the audio playback with script: CHAPTER 3 ■ WORKING WITH HTML5 AUDIO AND VIDEO 77 Our simple button is initialized to inform the user that clicking it will start playback. And each time the button is pressed, the toggleSound() function is triggered. Inside the toggleSound() function, we first gain access to the audio and button elements in the DOM: if (music.paused) { music.play(); toggle.innerHTML = "Pause"; } By accessing the paused attribute on the audio element, we can check to see whether the user has already paused playback. The attribute defaults to true if no playback is initiated, so this condition will be met on the first click. In that case, we call the play() function on the clip and change the text of the button to indicate that the next clip will pause: else { music.pause(); toggle.innerHTML ="Play"; } Conversely, if the music clip is not paused (if it is playing), we will actively pause() it and change the button text to indicate that the next click will restart play. Seems simple, doesn’t it? That’s the point of the media elements in HTML5: to create simple display and control across media types where once a myriad of plugins existed. Simplicity is its own reward. Working with Video Enough with simplicity. Let’s try something more complicated. The HTML5 video element is very similar to the audio element, but with a few extra attributes thrown in. Table 3-6 shows some of these attributes. Table 3-6. Additional video attributes Attribute Value poster The URL of an image file used to represent the video content before it has loaded. Think “movie poster.” This attribute can be read or altered to change the poster. width, height Read or set the visual display size. This may cause centering, letterboxing, or pillaring if the set width does not match the size of the video itself. videoWidth, videoHeight Return the intrinsic or natural width and height of the video. They cannot be set. The video element has one other key feature that is not applicable to the audio element: it can be provided to many functions of the HTML5 Canvas. (See Chapter 2 for more information about HTML5 Canvas.) CHAPTER 3 ■ WORKING WITH HTML5 AUDIO AND VIDEO 78 Creating a Video Timeline Browser In this more complex example, we’ll show how a video element can have its frames grabbed and displayed in a dynamic canvas. To demonstrate this capability, we’ll build a simple video timeline viewer. While the video plays, periodic image frames from its display will be drawn onto a nearby canvas. When the user clicks any frame displayed in the canvas, we’ll jump the playback of the video to that precise moment in time. With only a few lines of code, we can create a timeline browser that users can use to jump around inside a lengthy video. Our sample video clip is the tempting concession advert from the mid-20th century movie theaters, so let’s all go to the lobby to get ourselves a treat (see Figure 3-3). Figure 3-3. The video timeline application Adding the Video and the Canvas Element We start with a simple declaration to display our video clip: As most of this markup will look familiar to you from the audio example, let’s focus on the differences. Obviously, the

Status: ready

The Application in Action To see this example in action, there are two prerequisites: the pages have to be served up from different domains, and the target page has to be served up by a web server that understands CORS headers. A CORS-compliant Python script that can handle incoming cross-origin XMLHttpRequests is included in the example code for this chapter. You can run the demo on your local machine by performing the following steps: 1. Update your hosts file (C:\Windows\system32\drivers\etc\hosts on Windows or /etc/hosts on Unix/Linux) by adding two entries pointing to your localhost (IP address 127.0.0.1) as shown in the following example: 127.0.0.1 geodata.example.net 127.0.0.1 portal.example.com CHAPTER 5 ■ USING THE COMMUNICATION APIS 135 ■ Note You must restart your browser after modifying the host file to ensure the DNS entries take effect. 2. Install Python, which includes the lightweight SimpleHTTPServer web server, if you did not do so for the previous example. 3. Navigate to the directory that contains the example file (crossOrignUpload.html) and the Python CORS server script (CORSServer.py). 4. Start Python in this directory as follows: python CORSServer.py 9999 5. Open a browser and navigate to http://portal.example.com:9999/crossOriginUpload.html. You should now see the page shown in Figure 5.5. Practical Extras Sometimes there are techniques that don’t fit into our regular examples, but that nonetheless apply to many types of HTML5 applications. We present to you some short, but common, practical extras here. Structured Data Early versions of postMessage only supported strings. Later revisions allowed other types of data including JavaScript objects, canvas imageData, and files. Support for different object types will vary by browser as the specification develops. In some browsers, the limitations on JavaScript objects that can be sent with postMessage are the same as those for JSON data. In particular, data structures with cycles may not be allowed. An example of this is a list containing itself. Framebusting Framebusting is a technique for ensuring that your content is not loaded in an iframe. An application can detect that its window is not the outermost window (window.top) and subsequently break out of its containing frame, as shown in the following example. if (window !== window.top) { window.top.location = location; } However, there may be certain partner pages that you want to allow to frame your content. One solution is to use postMessage to handshake between cooperating iframes and containing pages, as shown in the Listing 5-11. CHAPTER 5 ■ USING THE COMMUNICATION APIS 136 Listing 5-10. Using postMessage in an iframe to handshake with a trusted partner page var framebustTimer; var timeout = 3000; // 3 second framebust timeout if (window !== window.top) { framebustTimer = setTimeout( function() { window.top.location = location; }, timeout); } window.addEventListener(“message”, function(e) { switch(e.origin) { case trustedFramer: clearTimeout(framebustTimer); break; } ), true); Summary In this chapter, you have seen how HTML5 Cross Document Messaging and XMLHttpRequest Level 2 can be used to create compelling applications that can securely communicate cross-origin. First, we discussed postMessage and the origin security concept—two key elements of HTML5 communication—and then we showed you how the postMessage API can be used to communicate between iframes, tabs, and windows. Next, we discussed XMLHttpRequest Level 2—an improved version of XMLHttpRequest. We showed you in which areas XMLHttpRequest has been improved; most importantly in the readystatechange events area. We then showed you how you can use XMLHttpRequest to make cross- origin requests and how to use the new progress events. Finally, we wrapped up the chapter with a few practical examples. In the next chapter, we’ll demonstrate how HTML5 WebSockets enables you to stream real-time data to an application with incredible simplicity and minimal overhead. C H A P T E R 6 ■ ■ ■ 137 Using the HTML5 WebSocket API In this chapter, we’ll explore what you can do with the most powerful communication feature in the HTML5 specification: HTML5 WebSockets, which defines a full-duplex communication channel that operates through a single socket over the web. Websocket is not just another incremental enhancement to conventional HTTP communications; it represents a large advance, especially for real-time, event- driven web applications. HTML5 WebSockets provide such an improvement from the old, convoluted “hacks” that are used to simulate a full-duplex connection in a browser that it prompted Google’s Ian Hickson—the HTML5 specification lead—to say: “Reducing kilobytes of data to 2 bytes…and reducing latency from 150ms to 50ms is far more than marginal. In fact, these two factors alone are enough to make WebSockets seriously interesting to Google.” —www.ietf.org/mail-archive/web/hybi/current/msg00784.html We’ll show you in detail just why HTML5 WebSockets provide such a dramatic improvement and you’ll see how—in one fell swoop—HTML5 WebSockets makes all the old Comet and Ajax polling, long- polling, and streaming solutions obsolete. Overview of HTML5 WebSockets Let’s take a look at how HTML5 WebSockets can offer a reduction of unnecessary network traffic and latency by comparing HTTP solutions to full duplex "real time" browser communication with WebSockets. Real-Time and HTTP Normally when a browser visits a web page, an HTTP request is sent to the web server that hosts that page. The web server acknowledges this request and sends back the response. In many cases—for example, for stock prices, news reports, ticket sales, traffic patterns, medical device readings, and so on—the response could be stale by the time the browser renders the page. If you want to get the most CHAPTER 6 ■ USING THE HTML5 WEBSOCKET API 138 up-to-date real-time information, you can constantly refresh that page manually, but that’s obviously not a great solution. Current attempts to provide real-time web applications largely revolve around polling and other server-side push technologies, the most notable of which is "Comet", which delays the completion of an HTTP response to deliver messages to the client. With polling, the browser sends HTTP requests at regular intervals and immediately receives a response. This technique was the first attempt for the browser to deliver real-time information. Obviously, this is a good solution if the exact interval of message delivery is known, because you can synchronize the client request to occur only when information is available on the server. However, real- time data is often not that predictable, making unnecessary requests inevitable and as a result, many connections are opened and closed needlessly in low-message-rate situations. With long-polling, the browser sends a request to the server and the server keeps the request open for a set period of time. If a notification is received within that period, a response containing the message is sent to the client. If a notification is not received within the set time period, the server sends a response to terminate the open request. It is important to understand, however, that when you have a high message-volume, long-polling does not provide any substantial performance improvements over traditional polling. With streaming, the browser sends a complete request, but the server sends and maintains an open response that is continuously updated and kept open indefinitely (or for a set period of time). The response is then updated whenever a message is ready to be sent, but the server never signals to complete the response, thus keeping the connection open to deliver future messages. However, since streaming is still encapsulated in HTTP, intervening firewalls and proxy servers may choose to buffer the response, increasing the latency of the message delivery. Therefore, many streaming solutions fall back to long-polling in case a buffering proxy server is detected. Alternatively, TLS (SSL) connections can be used to shield the response from being buffered, but in that case the setup and tear down of each connection taxes the available server resources more heavily. Ultimately, all of these methods for providing real-time data involve HTTP request and response headers, which contain lots of additional, unnecessary header data and introduce latency. On top of that, full-duplex connectivity requires more than just the downstream connection from server to client. In an effort to simulate full-duplex communication over half-duplex HTTP, many of today’s solutions use two connections: one for the downstream and one for the upstream. The maintenance and coordination of these two connections introduces significant overhead in terms of resource consumption and adds lots of complexity. Simply put, HTTP wasn’t designed for real-time, full-duplex communication as you can see in the Figure 5-1, which shows the complexities associated with building a web application that displays real-time data from a back-end data source using a publish/subscribe model over half-duplex HTTP. CHAPTER 6 ■ USING THE HTML5 WEBSOCKET API 139 Figure 6-1. The complexity of real-time HTTP applications It gets even worse when you try to scale out those solutions. Simulating bi-directional browser communication over HTTP is error-prone and complex and all that complexity does not scale. Even though your end users might be enjoying something that looks like a real-time web application, this “real-time” experience has a high price tag. It’s a price that you will pay in additional latency, unnecessary network traffic and a drag on CPU performance. Understanding HTML5 WebSockets HTML5 WebSocket was first defined as “TCPConnection” in the Communications section of the HTML5 specification by Ian Hickson (lead writer of the HTML5 specification). The specification evolved and changed to WebSocket, which is now an independent specification (just like Geolocation, Web Workers and so on), to keep the discussion focused. WHAT DO WEBSOCKETS AND MODEL TRAINS HAVE IN COMMON? Peter says: “Ian Hickson is quite the model train enthusiast; he has been planning ways to control trains from computers ever since 1984 when Marklin first came out with a digital controller, long before the web even existed. At the that time, Ian added TCPConnection to the HTML5 specification, he was working on a program to control a model train set from a browser and he was using the prevalent pre-WebSocket “hanging GET” and XHR techniques to achieve browser to train communication. The train-controller program would have been a lot easier to build if there was a way to have socket communication in a browser—much like traditional asynchronous client/server communication model that is found in “fat” clients. So, inspired by what could be possible, the (train) wheels had been set in motion and the WebSocket train had left the station. Next stop: the real-time web.” CHAPTER 6 ■ USING THE HTML5 WEBSOCKET API 140 The WebSocket Handshake To establish a WebSocket connection, the client and server upgrade from the HTTP protocol to the WebSocket protocol during their initial handshake, as shown in Listing 6-1. Note that this connection description represents draft 76 of the protocol; the connection handshake may change during future specification revisions. Listing 6-1. The WebSocket Upgrade handshake From client to server: GET /demo HTTP/1.1 Host: example.com Connection: Upgrade Sec-WebSocket-Key2: 12998 5 Y3 1 .P00 Sec-WebSocket-Protocol: sample Upgrade: WebSocket Sec-WebSocket-Key1: 4@1 46546xW%0l 1 5 Origin: http://example.com [8-byte security key] From server to client: HTTP/1.1 101 WebSocket Protocol Handshake Upgrade: WebSocket Connection: Upgrade WebSocket-Origin: http://example.com WebSocket-Location: ws://example.com/demo WebSocket-Protocol: sample [16-byte hash response] Once established, WebSocket messages can be sent back and forth between the client and the server in full-duplex mode. This means that text-based messages can be sent full-duplex, in either direction at the same time. On the network each message starts with a 0x00 byte, ends with a 0xFF byte, and contains UTF-8 data in between. The WebSocket Interface Along with the definition of the WebSocket protocol, the specification also defines the WebSocket interface for use in JavaScript applications. Listing 6-2 shows the WebSocket interface. CHAPTER 6 ■ USING THE HTML5 WEBSOCKET API 141 Listing 6-2. The WebSocket interface [Constructor(in DOMString url, in optional DOMString protocol)] interface WebSocket { readonly attribute DOMString URL; // ready state const unsigned short CONNECTING = 0; const unsigned short OPEN = 1; const unsigned short CLOSED = 2; readonly attribute unsigned short readyState; readonly attribute unsigned long bufferedAmount; // networking attribute Function onopen; attribute Function onmessage; attribute Function onclose; boolean send(in DOMString data); void close(); }; WebSocket implements EventTarget; Using the WebSocket interface is straightforward. To connect a remote host, just create a new WebSocket instance, providing the new object with a URL that represents the end-point to which you wish to connect. Note that a ws:// and wss:// prefix indicate a WebSocket and a secure WebSocket connection, respectively. A WebSocket connection is established by upgrading from the HTTP protocol to the WebSocket protocol during the initial handshake between the client and the server, over the same underlying TCP/IP connection. Once established, WebSocket data frames can be sent back and forth between the client and the server in full-duplex mode. The connection itself is exposed via the message event and send method defined by the WebSocket interface. In your code, you use asynchronous event listeners to handle each phase of the connection life cycle. myWebSocket.onopen = function(evt) { alert("Connection open ..."); }; myWebSocket.onmessage = function(evt) { alert( "Received Message: " + evt.data); }; myWebSocket.onclose = function(evt) { alert("Connection closed."); }; A Dramatic Reduction in Unnecessary Network Traffic and Latency So how efficient can WebSockets be? Let’s compare a polling application and a WebSocket application side by side. To illustrate polling, we will examine a simple web application in which a web page requests real-time stock data from a RabbitMQ message broker using a traditional publish/subscribe model. It does this by polling a Java Servlet that is hosted on a web server. The RabbitMQ message broker receives data from a fictitious stock price feed with continuously updating prices. The web page connects and subscribes to a specific stock channel (a topic on the message broker) and uses an XMLHttpRequest to poll for updates once per second. When updates are received, some calculations are performed and the stock data is shown in a table as shown in Figure 6-2. CHAPTER 6 ■ USING THE HTML5 WEBSOCKET API 142 Figure 6-2. A JavaScript stock ticker application It all looks great, but a look under the hood reveals there are some serious issues with this application. For example, in Mozilla Firefox with Firebug, you can see that GET requests hammer the server at one-second intervals. Turning on the Live HTTP Headers add-on reveals the shocking amount of header overhead that is associated with each request. Listings 6-3 and 6-4 show the HTTP header data for just a single request and response. Listing 6-3. HTTP request header GET /PollingStock//PollingStock HTTP/1.1 Host: localhost:8080 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Referer: http://www.example.com/PollingStock/ Cookie: showInheritedConstant=false; showInheritedProtectedConstant=false; showInheritedProperty=false; showInheritedProtectedProperty=false; showInheritedMethod=false; showInheritedProtectedMethod=false; showInheritedEvent=false; showInheritedStyle=false; showInheritedEffect=false CHAPTER 6 ■ USING THE HTML5 WEBSOCKET API 143 Listing 6-4. HTTP response header HTTP/1.x 200 OK X-Powered-By: Servlet/2.5 Server: Sun Java System Application Server 9.1_02 Content-Type: text/html;charset=UTF-8 Content-Length: 21 Date: Sat, 07 Nov 2009 00:32:46 GMT Just for fun (ha!), we can count all the characters. The total HTTP request and response header information overhead contains 871 bytes and that does not even include any data. Of course, this is just an example and you can have less than 871 bytes of header data, but there are also common cases where the header data exceeded 2,000 bytes. In this example application, the data for a typical stock topic message is only about 20 characters long. As you can see, it is effectively drowned out by the excessive header information, which was not even required in the first place. So, what happens when you deploy this application to a large number of users? Let’s take a look at the network overhead for just the HTTP request and response header data associated with this polling application in three different use cases. • Use case A: 1,000 clients polling every second: Network traffic is (871 × 1,000) = 871,000 bytes = 6,968,000 bits per second (6.6 Mbps) • Use case B: 10,000 clients polling every second: Network traffic is (871 × 10,000) = 8,710,000 bytes = 69,680,000 bits per second (66 Mbps) • Use case C: 100,000 clients polling every 1 second: Network traffic is (871 × 100,000) = 87,100,000 bytes = 696,800,000 bits per second (665 Mbps) That’s an enormous amount of unnecessary network overhead. Consider if we rebuilt the application to use HTML5 WebSockets, adding an event handler to the web page to asynchronously listen for stock update messages from the message broker (more on that in just a little bit). Each of these messages is a WebSocket frame that has just two bytes of overhead (instead of 871). Take a look at how that affects the network overhead in our three use cases. • Use case A: 1,000 clients receive 1 message per second: Network traffic is (2 × 1,000) = 2,000 bytes = 16,000 bits per second (0.015 Mbps) • Use case B: 10,000 clients receive 1 message per second: Network traffic is (2 × 10,000) = 20,000 bytes = 160,000 bits per second (0.153 Mbps) • Use case C: 100,000 clients receive 1 message per second: Network traffic is (2 × 100,000) = 200,000 bytes = 1,600,000 bits per second (1.526 Mbps) As you can see in Figure 6-3, HTML5 WebSockets provide a dramatic reduction of unnecessary network traffic compared to the polling solution. CHAPTER 6 ■ USING THE HTML5 WEBSOCKET API 144 Figure 6-3. Comparison of the unnecessary network overhead between the polling and the WebSocket applications And what about the reduction in latency? Take a look at Figure 6-4. In the top half, you can see the latency of the half-duplex polling solution. If we assume, for this example, that it takes 50 milliseconds for a message to travel from the server to the browser, then the polling application introduces a lot of extra latency, because a new request has to be sent to the server when the response is complete. This new request takes another 50ms and during this time the server cannot send any messages to the browser, resulting in additional server memory consumption. In the bottom half of the figure, you see the reduction in latency provided by the WebSocket solution. Once the connection is upgraded to WebSocket, messages can flow from the server to the browser the moment they arrive. It still takes 50 ms for messages to travel from the server to the browser, but the WebSocket connection remains open so there is no need to send another request to the server. CHAPTER 6 ■ USING THE HTML5 WEBSOCKET API 145 Figure 6-4. Latency comparison between the polling and WebSocket applications HTML5 WebSockets provides an enormous step forward in the scalability of the real-time web. As you have seen in this chapter, HTML5 WebSockets can provide a 500:1 or—depending on the size of the HTTP headers—even a 1000:1 reduction in unnecessary HTTP header traffic and 3:1 reduction in latency. CHAPTER 6 ■ USING THE HTML5 WEBSOCKET API 146 Browser Support for HTML5 WebSockets As shown in Table 6-1, HTML5 WebSockets is supported and planned in various browsers at the time of this writing. Table 6-1. Browser support for HTML5 WebSocket Browser Details Chrome Supported in version 4+ Firefox Supported in version 4+ Internet Explorer Not supported yet Opera Not supported yet Safari Supported in version 5+ Due to the varying levels of support, it is a good idea to first test if HTML5 WebSockets are supported, before you use these elements. The section “Checking for Browser Support” later in this chapter will show you how you can programmatically check for browser support. Writing a Simple Echo WebSocket Server Before you can use the WebSocket API, you need a server that supports WebSockets. In this section we’ll take a look at how a simple WebSocket “echo” server is written. To run the examples for this chapter, we have included a simple WebSocket server written in Python. The sample code for the following examples is located in the WebSockets section of the book web site. CHAPTER 6 ■ USING THE HTML5 WEBSOCKET API 147 EXISTING WEBSOCKET SERVERS There are lots of WebSocket server implementations out there already and even more under development. The following are just a couple of the existing WebSocket servers: Kaazing’s WebSocket Gateway includes full client-side WebSocket emulation support for browsers without native implementation of WebSocket, which allows you to code against the WebSocket API today and have your code work in all browsers. To run the Python WebSocket echo server accepting connections at ws://localhost:8080/echo, open a command prompt, navigate to the folder that contains the file, and issue the following command: python websocket.py We have also included a broadcast server that accepts connections at ws://localhost:8080/broadcast. Contrary to the echo server, any WebSocket message sent to this particular server implementation will bounce back to everyone that is currently connected. It’s a very simple way to broadcast messages to multiple listeners. To run the broadcast server, open a command prompt, navigate to the folder that contains the file, and issue the following command: python broadcast.py Both scripts make use of the example WebSocket protocol library in websocket.py. You can add handlers for other paths that implement additional server- side behavior. ■ Note This is only a server for the WebSocket protocol and it cannot respond to HTTP requests. Because WebSocket connections begin with a subset of legal HTTP and rely on the Upgrade header, other servers can serve both WebSocket and HTTP on the same port. Let’s see what happens when a browser tries to communicate with this server. When the browser makes a request to the WebSocket URL, the server sends back the headers that finish the WebSocket handshake. A WebSocket handshake response must begin with exactly the line HTTP/1.1 101 WebSocket • Kaazing WebSocket Gateway—a Java-based WebSocket Gateway • mod_pywebsocket—a Python-based extension for the Apache HTTP Server • Netty—a Java network framework which includes WebSocket support • node.js—a server-side JavaScript framework on which multiple WebSocket servers have been written CHAPTER 6 ■ USING THE HTML5 WEBSOCKET API 148 Protocol Handshake. In fact, the order and content of the handshake headers are more strictly defined than HTTP headers. ■ Note If you are implementing a WebSocket server, you should refer to the protocol draft at the IETF at http://tools.ietf.org/html/draft-hixie-thewebsocketprotocol or the latest specification. # write out response headers self.send_bytes("HTTP/1.1 101 Web Socket Protocol Handshake\r\n") self.send_bytes("Upgrade: WebSocket\r\n") self.send_bytes("Connection: Upgrade\r\n") self.send_bytes("Sec-WebSocket-Origin: %s\r\n" % headers["Origin"]) self.send_bytes("Sec-WebSocket-Location: %s\r\n" % headers["Location"]) if "Sec-WebSocket-Protocol" in headers: protocol = headers["Sec-WebSocket-Protocol"] self.send_bytes("Sec-WebSocket-Protocol: %s\r\n" % protocol) self.send_bytes("\r\n") # write out hashed response token self.send_bytes(response_token) After the handshake, the client and server can send messages at any time. Each connection is represented on the server by a WebSocketConnection instance. The WebSocketConnection’s send function, shown below, transforms a string for the WebSocket protocol. The 0x00 and 0xFF bytes surrounding the UFT-8 encoded string mark the frame boundary. In this server, each WebSocket connection is an asyncore.dispatcher_with_send, which is an asynchronous socket wrapper with support for buffered sends. ■ Note There are many other asynchronous I/O frameworks for Python and other languages. Asyncore was chosen because it is included in the Python standard library. Note also that both version 75 and 76 of the WebSocket protocol are supported in this implementation. Strictly speaking, supporting both versions at the same time is not allowed. This is a simple example designed for testing and illustation. WebSocketConnection inherits from asyncore.dispatcher_with_send and overrides the send method to UTF-8 encode strings and add WebSocket string framing. def send(self, s): if self.readystate == "open": self.send_bytes("\x00") self.send_bytes(s.encode("UTF8")) self.send_bytes("\xFF") CHAPTER 6 ■ USING THE HTML5 WEBSOCKET API 149 Handlers for WebSocketConnections in websocket.py follow a simplified dispatcher interface. The handler’s dispatch() method is called with the payload of each frame the connection receives. The EchoHandler sends back each message to the sender. class EchoHandler(object): """ The EchoHandler repeats each incoming string to the same WebSocket. """ def __init__(self, conn): self.conn = conn def dispatch(self, data): self.conn.send("echo: " + data) The basic broadcast server broadcast.py works in much the same way, but in this case when the broadcast handler receives a string, it sends it back on all connected WebSockets as shown in the following example. class BroadcastHandler(object): """ The BroadcastHandler repeats incoming strings to every connected WebSocket. """ def __init__(self, conn): self.conn = conn def dispatch(self, data): for session in self.conn.server.sessions: session.send(data) The handler in broadcast.py provides a lightweight message broadcaster that simply sends and receives strings. This is sufficient for the purposes of our example. Be aware that this broadcast service does not perform any input verification as would be desirable in a production message server. A production WebSocket server should, at the very least, verify the format of incoming data. For completeness, Listings 6-5 and 6-6 provide the complete code for websocket.py and broadcast.py. Note that this is just an example server implementation; it is not suited for production deployment. Listing 6-5. complete code for websocket.py #!/usr/bin/env python import asyncore import socket import struct import time import hashlib class WebSocketConnection(asyncore.dispatcher_with_send): CHAPTER 6 ■ USING THE HTML5 WEBSOCKET API 150 def __init__(self, conn, server): asyncore.dispatcher_with_send.__init__(self, conn) self.server = server self.server.sessions.append(self) self.readystate = "connecting" self.buffer = "" def handle_read(self): data = self.recv(1024) self.buffer += data if self.readystate == "connecting": self.parse_connecting() elif self.readystate == "open": self.parse_frametype() def handle_close(self): self.server.sessions.remove(self) self.close() def parse_connecting(self): header_end = self.buffer.find("\r\n\r\n") if header_end == -1: return else: header = self.buffer[:header_end] # remove header and four bytes of line endings from buffer self.buffer = self.buffer[header_end+4:] header_lines = header.split("\r\n") headers = {} # validate HTTP request and construct location method, path, protocol = header_lines[0].split(" ") if method != "GET" or protocol != "HTTP/1.1" or path[0] != "/": self.terminate() return # parse headers for line in header_lines[1:]: key, value = line.split(": ") headers[key] = value headers["Location"] = "ws://" + headers["Host"] + path self.readystate = "open" self.handler = self.server.handlers.get(path, None)(self) if "Sec-WebSocket-Key1" in headers.keys(): self.send_server_handshake_76(headers) else: self.send_server_handshake_75(headers) CHAPTER 6 ■ USING THE HTML5 WEBSOCKET API 151 def terminate(self): self.ready_state = "closed" self.close() def send_server_handshake_76(self, headers): """ Send the WebSocket Protocol v.76 handshake response """ key1 = headers["Sec-WebSocket-Key1"] key2 = headers["Sec-WebSocket-Key2"] # read additional 8 bytes from buffer key3, self.buffer = self.buffer[:8], self.buffer[8:] response_token = self.calculate_key(key1, key2, key3) # write out response headers self.send_bytes("HTTP/1.1 101 Web Socket Protocol Handshake\r\n") self.send_bytes("Upgrade: WebSocket\r\n") self.send_bytes("Connection: Upgrade\r\n") self.send_bytes("Sec-WebSocket-Origin: %s\r\n" % headers["Origin"]) self.send_bytes("Sec-WebSocket-Location: %s\r\n" % headers["Location"]) if "Sec-WebSocket-Protocol" in headers: protocol = headers["Sec-WebSocket-Protocol"] self.send_bytes("Sec-WebSocket-Protocol: %s\r\n" % protocol) self.send_bytes("\r\n") # write out hashed response token self.send_bytes(response_token) def calculate_key(self, key1, key2, key3): # parse keys 1 and 2 by extracting numerical characters num1 = int("".join([digit for digit in list(key1) if digit.isdigit()])) spaces1 = len([char for char in list(key1) if char == " "]) num2 = int("".join([digit for digit in list(key2) if digit.isdigit()])) spaces2 = len([char for char in list(key2) if char == " "]) combined = struct.pack(">II", num1/spaces1, num2/spaces2) + key3 # md5 sum the combined bytes return hashlib.md5(combined).digest() def send_server_handshake_75(self, headers): """ Send the WebSocket Protocol v.75 handshake response """ self.send_bytes("HTTP/1.1 101 Web Socket Protocol Handshake\r\n") self.send_bytes("Upgrade: WebSocket\r\n") self.send_bytes("Connection: Upgrade\r\n") self.send_bytes("WebSocket-Origin: %s\r\n" % headers["Origin"]) self.send_bytes("WebSocket-Location: %s\r\n" % headers["Location"]) CHAPTER 6 ■ USING THE HTML5 WEBSOCKET API 152 if "Protocol" in headers: self.send_bytes("WebSocket-Protocol: %s\r\n" % headers["Protocol"]) self.send_bytes("\r\n") def parse_frametype(self): while len(self.buffer): type_byte = self.buffer[0] if type_byte == "\x00": if not self.parse_textframe(): return def parse_textframe(self): terminator_index = self.buffer.find("\xFF") if terminator_index != -1: frame = self.buffer[1:terminator_index] self.buffer = self.buffer[terminator_index+1:] s = frame.decode("UTF8") self.handler.dispatch(s) return True else: # incomplete frame return false def send(self, s): if self.readystate == "open": self.send_bytes("\x00") self.send_bytes(s.encode("UTF8")) self.send_bytes("\xFF") def send_bytes(self, bytes): asyncore.dispatcher_with_send.send(self, bytes) class EchoHandler(object): """ The EchoHandler repeats each incoming string to the same Web Socket. """ def __init__(self, conn): self.conn = conn def dispatch(self, data): self.conn.send("echo: " + data) class WebSocketServer(asyncore.dispatcher): def __init__(self, port=80, handlers=None): asyncore.dispatcher.__init__(self) self.handlers = handlers CHAPTER 6 ■ USING THE HTML5 WEBSOCKET API 153 self.sessions = [] self.port = port self.create_socket(socket.AF_INET, socket.SOCK_STREAM) self.set_reuse_addr() self.bind(("", port)) self.listen(5) def handle_accept(self): conn, addr = self.accept() session = WebSocketConnection(conn, self) if __name__ == "__main__": print "Starting WebSocket Server" WebSocketServer(port=8080, handlers={"/echo": EchoHandler}) asyncore.loop() You may have noticed an unusual key calculation in the WebSocket handshake. This is intended to prevent cross-protocol attacks. In short, this should stop malicious WebSocket client code from spoofing connections to non-WebSocker servers. This part of the handshake design is still undergoing discussion as of draft-76. Listing 6-6. complete code for broadcast.py #!/usr/bin/env python import asyncore from websocket import WebSocketServer class BroadcastHandler(object): """ The BroadcastHandler repeats incoming strings to every connected WebSocket. """ def __init__(self, conn): self.conn = conn def dispatch(self, data): for session in self.conn.server.sessions: session.send(data) if __name__ == "__main__": print "Starting WebSocket broadcast server" WebSocketServer(port=8000, handlers={"/broadcast": BroadcastHandler}) asyncore.loop() Now that we’ve got a working echo server, we need to write the client side. CHAPTER 6 ■ USING THE HTML5 WEBSOCKET API 154 Using the HTML5 WebSocket API In this section, we’ll explore the use of HTML5 WebSocket in more detail. Checking for Browser Support Before you use the HTML5 WebSocket API, you will want to make sure there is support in the browser for what you’re about to do. This way, you can provide some alternate text, prompting the users of your application to upgrade to a more up-to-date browser. Listing 6-9 shows one way you can test for browser support. Listing 6-7. Checking for browser support function loadDemo() { if (window.WebSocket) { document.getElementById("support").innerHTML = "HTML5 WebSocket is supported in your browser."; } else { document.getElementById("support").innerHTML = "HTML5 WebSocket is not supported in your browser."; } } In this example, you test for browser support in the loadDemo function, which might be called when the application’s page is loaded. A call to window.WebSocket will return the WebSocket object if it exists, or trigger the failure case if it does not. In this case, the page is updated to reflect whether there is browser support or not by updating a previously defined support element on the page with a suitable message. Another way to see if HTML5 WebSocket is supported in your browser, is to use the browser’s console (Firebug or Chrome Developer Tools for example). Figure 6-5 shows how you can test whether WebSockets is supported natively in Google Chrome (if it is not, the window.WebSocket command returns “undefined.”) Figure 6-5. Testing WebSocket support in Google Chrome Developer Tools CHAPTER 6 ■ USING THE HTML5 WEBSOCKET API 155 Basic API Usage The sample code for the following examples is located on the book web site in the WebSockets section. This folder contains a websocket.html file and a broadcast.html file (and a tracker.html file used in the following section) as well as the WebSocket server code shown previously that can be run in Python. Creating a WebSocket object and Connecting to a WebSocket Server Using the WebSocket interface is straight-forward. To connect to an end-point, just create a new WebSocket instance, providing the new object with a URL that represents the end-point to which you wish to connect. You can use the ws:// and wss:// prefixes are to indicate a WebSocket and a WebSocket Secure connection, respectively. url = "ws://localhost:8080/echo"; w = new WebSocket(url); Adding Event Listeners WebSocket programming follows an asynchronous programming model; once you have an open socket, you simply wait for events. You don’t have to actively poll the server anymore. To do this, you add callback functions to the WebSocket object to listen for events. A WebSocket object dispatches three events: open, close, and message. The open event fires when a connection is established, the message event fires when messages are received, and the close event fires when the WebSocket connection is closed. As in most JavaScript APIs, there are corresponding callbacks (onopen, onmessage, and onclose) that are called when the events are dispatched. w.onopen = function() { log("open"); w.send("thank you for accepting this websocket request"); } w.onmessage = function(e) { log(e.data); } w.onclose = function(e) { log("closed"); } Sending Messages While the socket is open (that is, after the onopen listener is called and before the onclose listener is called), you can use the send method to send messages. After sending the message, you can also call close to terminate the connection, but you can also leave the connection open. document.getElementById("sendButton").onclick = function() { w.send(document.getElementById("inputMessage").value); } CHAPTER 6 ■ USING THE HTML5 WEBSOCKET API 156 That’s it. Bi-directional browser communication made simple. For completeness, Listing 6-8 shows the entire HTML page with the WebSocket code. Listing 6-8. websocket.html code WebSocket Test Page
   Running the WebSocket Page   To test the websocket.html page that contains the WebSocket code, open a command prompt, navigate   to the folder that contains the WebSocket code, and issue the following command to host the HTML file:      python -m SimpleHTTPServer 9999      CHAPTER 6 ■ USING THE HTML5 WEBSOCKET API      157   Next, open another command prompt, navigate to the folder that contains the WebSocket code, and   issue the following command to run the Python WebSocket server:      python websocket.py      Finally, open a browser that supports WebSockets natively and navigate to   http://localhost:9999/websocket.html.   Figure 6-6 shows the web page in action.         Figure 6-6. websocket.html in action   The example code folder also contains a web page that connects to the broadcast service that was   created in the previous section. To see that action, close the command prompt that is running the   WebSocket server and navigate to the folder that contains the WebSocket code, and issue the following   command to run the python WebSocket server.      python broadcast.py      Open two separate browsers that supports WebSockets natively and navigate (in each browser) to   http://localhost:9999/broadcast.html.   Figure 6-7 shows the broadcast WebSocket server in action on two separate web pages.      CHAPTER 6 ■ USING THE HTML5 WEBSOCKET API      158      Figure 6-7. broadcast.html in action in two browsers   Building an Application with HTML5 WebSockets   Now that we’ve seen the basics of WebSocket, it’s time to tackle something a little more substantial.   Previously, we used the HTML5 Geolocation API to build an application that allowed us to calculate   distance traveled directly inside our web page. We can utilize those same Geolocation techniques, mixed   together with our new support for WebSockets, and create a simple application that keeps multiple   participants connected: a location tracker.    ■ Note We’ll be using the broadcast WebSocket server described above, so if you aren’t familiar with it you   should consider taking some time to learn its basics.   In this application, we’ll combine the WebSocket and Geolocation support by determining our   location and broadcasting it to all available listeners. Everyone who loads this application and connects   to the same broadcast server will regularly send their geographic location using the WebSocket. At the   same time, the application will listen for any messages from the server and update in real-time display   entries for everyone it hears about. In a race scenario, this sort of application could keep runners   informed of the location of all their competitors and prompt them to run faster (or slow down).   CHAPTER 6 ■ USING THE HTML5 WEBSOCKET API      159   This tiny application does not include any personal information other than latitude and longitude   location. Name, date of birth, and favorite ice cream flavor are kept strictly confidential.   YOU WERE WARNED!   Brian says: “This application is all about sharing your personal information. Granted, only a location is   shared. However, if you (or your users) didn’t understand the browser warning that was offered when the   Geolocation API was first accessed, this application should be a stark lesson in how easy it will be to   transmit sensitive data to remote locations. Make sure your users understand the consequences of   agreeing to submit location data.   When in doubt, go above and beyond in your application to let the user know how their sensitive data can   be used. Make opting out the easiest path of action.”      But that’s enough warnings… Let’s dig into the code. As always, the entire code sample is located   online for your perusal. We’ll focus on the most important parts here. The finished application will look   like Figure 6-8. Although ideally, this would be enhanced by overlaying it on a map.         Figure 6-8. The Location Tracker application   Coding the HTML File   The HTML markup for this application will be kept deliberately simple so that we can focus on the data   at hand. How simple?            

HTML5 WebSocket / Geolocation Tracker

Geolocation:

HTML5 Geolocation is not supported in your browser.

WebSocket:

WebSockets are not supported in your browser.

CHAPTER 6 ■ USING THE HTML5 WEBSOCKET API 160 Simple enough that we only include a title and a few status areas: one status area for Geolocation updates, and another to log any WebSocket activity. The actual visuals for location data will be inserted into the page as messages are received in real-time. By default, our status messages indicate that a viewer’s browser does not support either Geolocation or WebSockets. Once we detect support for the two HTML5 technologies, we’ll update the status with something a little friendlier. Summary In this chapter, you have seen how HTML5 WebSockets provide a simple, yet powerful mechanism for creating compelling, real-time applications. First we looked at the nature of the protocol itself, and how it interoperates with existing HTTP traffic. We compared the network overhead demands of current polling-based communcation strategies versus the limited overhead of a native WebSocket. To illustrate WebSockets in action, we explored a simple implementation of a WebSocket server to show how simple it is to implement this protocol in practice. Similary, we examined the client-side WebSocket API, noting the ease of integration it provides with existing JavaScript programming. Finally, we walked through a more complex sample application which combined the power of Geolocation with WebSockets to demonstrate how well the two technologies can work together. Now that we've seen how HTML5 brings socket-style network programming to the browser, we'll turn our attention to gathering more interesting data than just a user's current location. In the next chapter, we look at the enhancements made to form controls in HTML5. C H A P T E R 7 ■ ■ ■ 169 Using the HTML5 Forms API In this chapter, we’ll explore all the new capabilities at your command with a longstanding technology: HTML Forms. Forms have been the backbone of the explosion of the Web since they first appeared. Without form controls, web business transactions, social discussions, and efficient searches would simply not be possible. Sadly, HTML5 Forms is one of the areas in greatest flux in both specification and implementation, in spite of having been in design for many years. There’s good and bad news. The good news is that the progress in this area, while incremental, is increasing fairly rapidly.The bad news is that you’ll need to tread carefully to find the subset of new form controls that will work in all your target browsers. The forms specification details a large set of APIs, and it is not uncommon to find that each major new release of an HTML5-compliant web browser adds support for one or more form controls and some of the helpful validation features. Regardless, we’ll use this chapter to help you navigate through the virtual sea of controls and find which ones are ready to use today, and which are nearing release. Overview of HTML5 Forms If you are already familiar with forms in HTML—and we assume you are if you are interested in pro HTML programming—then you will find the new additions in HTML5 to be a comfortable fit on a solid foundation. If you aren’t yet familiar with the basics of form usage, we recommend any of the numerous books and tutorials on creating and handling form values. The topic is well covered at this point, and you will be happy to know that: • Forms should still be encapsulated in a
element where the basic submission attributes are set. • Forms still send the values of the controls to the server when the user or the application programmer submits the page. • All of the familiar form controls—text fields, radio buttons, check boxes, and so on—are still present and working as before (albeit with some new features). • Form controls are still fully scriptable for those who wish to write their own modifiers and handlers. CHAPTER 7 ■ USING THE HTML5 FORMS API 170 HTML Forms vs. XForms You may have heard references to XForms in the last few years, long before the HTML5 effort gained much traction. XForms is an XML-centric, powerful, and somewhat complex, standard for specifying client-side form behavior that has been developed in its own W3C working group for nearly ten years. XForms harnesses the full power of XML Schema to define precise rules for validation and formatting. Unfortunately, no current major browser supports XForms without additional plugins. Functional Forms HTML5 Forms has instead focused on evolving the existing, simple HTML Forms to encompass more types of controls and address the practical limitations that web developers face today. There is an important note to keep in mind, especially as you compare form implementations across different browsers. ■ Note The most important concept to grasp about HTML5 Forms is that the specification deals with functional behavior and semantics, not appearances or displays. For example, while the specification details the functional APIs for elements such as color and date pickers, number selectors, and email address entry, the specification does not state how browsers should render these elements to end users. This is a great choice on multiple levels. It allows browsers to compete on innovate ways to provide user interaction; it separates styling from semantics; and it allows future or specialized user input devices to interact in ways that are natural to their operation. However, until your targeted browser platforms support all the form controls in your application, make sure you provide enough contextual information for the user to know how to interact with a fallback rendering. With the right tips and descriptions, users will have no trouble with your application, even if it falls back to alternate content when presented with unknown input types. HTML5 Forms encompasses a great number of new APIs and elements types, and support for them is all over the map now. In order to wrap our heads around all the new functionality, we will address it by breaking it into two categories • New input types • New functions and attributes However, before we even start with that, let’s take a quick assessment of how the HTML5 Form specifications are supported in today’s browsers. Browser Support for HTML5 Forms Browser support for HTML5 Forms is growing, but limited. It appears that many browser vendors besides Opera have not put significant effort into their new form controls yet. However, the WebKit browsers have recently increased support for forms, perhaps because of the introduction of the iPhone CHAPTER 7 ■ USING THE HTML5 FORMS API 171 and its virtual keyboard display, as we will see shortly. More advanced features such as validation are just being introduced. Table 7-1 summarizes the current state of HTML5 Forms support today. Table 7-1. Browser support for HTML5 Forms Browser Details Chrome 5.0.x supports input types email, number, tel, url, search, and range. Most validation. Firefox Not supported in 3.6. Initial support coming in 4.0.Unsupported input types such as url, email, and range will fall back to a text field. Internet Explorer Not supported, but new types will fall back to a text field rendering. Opera Strong support for initial specifications in current versions, including validation. Safari 4.0.x supports input types email, number, tel, url, search, and range. Most validation. Some types supported better in mobile Safari. Checking for browser support is less useful in the context of the new HTML5 Forms, as they have been designed to degrade gracefully in older browsers. Largely, this means that it is safe for you to use the new elements today, because older browsers will fall back to simple text field displays for any input types that they do not understand. However, as we’ll see later in this chapter, this raises the importance of multi-tier form validation, as it is not sufficient to rely on the presence of browser validators to enforce the data types for your form controls, even if you assume full modern-browser support. Now that we have surveyed the browser landscape, let’s take a look at the new form controls added in the HTML5 specification. An Input Catalog One of the best places to get a catalog of all the new and changed elements in HTML5 is the markup list maintained at the W3C site itself. The W3C keeps a catalog page file at http://dev.w3.org/html5/markup/ This page denotes all the current and future elements in an HTML page. New and changed elements are noted in the catalog list. However, “new” in this list only means that the element has been added since the HTML4 specification—not that the element is implemented in browsers or in a final specification yet. With that warning in place, let’s take a look at the new form elements arriving with HTML5, starting with the ones that are being implemented today. Table 7-2 lists the new type attributes. For example, many HTML developers will be intimately familiar with and . The new input types follow a similar model to the existing ones. CHAPTER 7 ■ USING THE HTML5 FORMS API 172 Table 7-2. New HTML5 Form elements appearing in browsers Type Purpose tel Telephone number email Email address text field url Web location URL search Term to supply to a search engine. For example, the search bar atop a browser. range Numeric selector within a range of values, typically visualized as a slider What do these new input types provide? In terms of programmatic APIs… not a lot. In fact, in the case of the types for tel, email, url, and search, there are no attributes distinguishing them from the simplest input type of text. So, what do you get exactly by specifying that an input is of a specialized type? You get specialized input controls. (Restrictions may apply. Offer void in many desktop browsers.) Let’s illustrate with an example. By specifying that an input is of type email: rather than using the conventional standard which states that a field is merely of type text: you provide a hint to the browser to present a different user interface or input where applicable. You also provide the browser the ability to further validate the field before submission, but we’ll cover that topic later in this chapter. Mobile device browsers have been some of the quickest to take up support for these new form controls types, and they do so by displaying a different input interface based on the type declared. In the Apple iPhone, the standard onscreen keyboard display for an input with type text appears as it does in Figure 7-1. CHAPTER 7 ■ USING THE HTML5 FORMS API 173 Figure 7-1. Onscreen keyboard display for an input with type text However, when an input field is marked as being of type e-mail, the iPhone presents a different keyboard layout customized for e-mail entry, as shown in Figure 7-2. Figure 7-2. Onscreen keyboard display for an input with type email Note the subtle tweaks to the space bar area of the keyboard to allow for the @ symbol and easy access to the period. Similar tweaks to the keyboard layout are done for type URL and type search. However, in the desktop version of the Safari browser—and in any browser that does not explicitly support the types for e-mail, URL, search, and tel—only the normal text input field will be displayed. Future browsers, even the desktop versions, may provide visual hints or cues to the user to indicate that the field is of a certain subtype. Opera, for example, will display a small envelope icon next to a field to indicate that it is expecting an e-mail address. However, it is safe to use these types in your web applications today, as any browser will either optimize for the type or simply do nothing at all. Another specialized type that is gaining traction in browsers now is the . This specialized input control is designed to let users pick from within a range of numbers. For example, a range control could be used in a form to select an age from a range that limits access to minors under the age of, say, 18. By creating a range input and setting its special min and max values, a developer can request that a page display a constrained numerical picker that only operates within the specified bounds. In the Opera browser, for example, the control: CHAPTER 7 ■ USING THE HTML5 FORMS API 174 gives a convenient way to pick a suitable value for age-restricted material. In the latest Opera browser, it displays as follows: Unfortunately, the range input itself doesn’t display a numerical representation of the browser. Moreover, without one, it is practically impossible for the user to know what the currently selected value happens to be. To fix this, one can easily add an onchange handler to update a display field based on changes to the current range value as shown in Listing 7-1. Listing 7-1. onchange handler to update a display field 18 This gives a nice display to our range input, as follows: Opera and the WebKit-based browsers—Safari and Chrome—have now added support for the type range element. Firefox support is planned, but not yet scheduled as of this writing. Firefox will fall back to a simple text element when presented with a range input type. HERE BE DRAGONS Brian says: “The phrase ‘Here be dragons’ is said to have been used in history to denote dangerous areas on maps where unknown perils lurk. The same could be said for the following form elements. Although they are specified, and have been for lengths of time now, most are lacking in actual implementation. As such, expect large changes between now and the time that browser developers have had a chance to play with the designs, smooth the rough edges, and respond with feedback and changes. Rather than rely on the following components as inevitable, take them as a sign of the direction in which HTML5 forms are moving. If you attempt to use them today, the risk you take is your own…” Additional form elements which are planned, but not widely supported yet include the ones listed in Table 7-3: CHAPTER 7 ■ USING THE HTML5 FORMS API 175 Table 7-3. Future HTML5 Form elements Type Purpose number A field containing a numeric value only color Color selector, which could be represented by a wheel or swatch picker datetime Full date and time display, including a time zone, as shown in Figure 7-3 datetime-local Date and time display, with no setting or indication for time zones time Time indicator and selector, with no time zone information date Selector for calendar date week Selector for a week within a given year month Selector for a month within a given year Although some early implementations of these elements are beginning to appear in leading edge browsers (for example, the datetime display in Opera as shown in Figure 7-3), we won’t focus on them in this chapter as they are likely to undergo significant change. Stay tuned to future revisions! Figure 7-3. Display for an input of type datetime CHAPTER 7 ■ USING THE HTML5 FORMS API 176 Using the HTML5 Forms APIs Now that we’ve spent some time familiarizing ourselves with the new form element types, let’s turn to the attributes and APIs that are present on both the old and new form controls. Many of them are designed to reduce the amount of scripting needed to create a powerful web application user interface. You may find that the new attributes give you the power to enhance your user interface in ways that you had not considered. Or, at the very least, you may be able to remove blocks of script in your existing pages. New form attributes and functions First, we’ll consider new attributes, functions, and a few elements that did not previously exist in earlier versions of HTML. Like the new input types, it is generally safe to use these attributes today, whether or not your target browser supports them. This is because the attributes will be safely ignored by any browser on the market today if the browser does not understand them. The placeholder Attribute The placeholder attribute gives input controls an easy way to provide descriptive, alternate hint text which is shown only when the user has not yet entered any values. This is common in many modern user interface frameworks, and popular JavaScript frameworks have also provided emulation of this feature. However, modern browsers have it built-in. To use this attribute, simply add it to an input with a text representation. This includes the basic text type, as well as the semantic types such as email, number, url, etc. In a supporting browser, such as Google Chrome, this causes the field to display a faint version of the placeholder text which will disappear whenever the user or application puts focus into the field, or whenever there is a value present. The same attribute, when running in a non-supporting browser, will just be ignored, causing the default field behavior to display. Similarly, whenever a value is entered in the field, the placeholder text will not appear. CHAPTER 7 ■ USING THE HTML5 FORMS API 177 The autocomplete Attribute The autocomplete attribute, introduced in Internet Explorer 5.5, has finally been standardized. Hooray! (Browsers have been supporting the attribute for nearly as long as its inception, but having a specified behavior helps everyone.) The autocomplete attribute tells the browser whether or not the value of this input should be saved for future. For example: The autocomplete attribute should be used to protect sensitive user data from insecure storage in the local browser files. Table 7-4 shows the different behavior types. Table 7-4. Autocomplete behavior in input controls Type Purpose on The field is not secure, and its value can be saved and restored. off The field is secure, and its value should not be saved. unspecified Default to the setting on the containing . If not contained in a form, or no value is set on the form, then behave as if on. The autofocus Attribute The autofocus attribute lets a developer specify that a given form element should take input focus immediately when the page loads. Only one attribute per page should specify the autofocus attribute. Behavior is undefined if more than one control is set to autofocus. ■ Note Only one autofocus control per page is difficult to achieve if your content is being rendered into a portal or shared content page. Do not rely on autofocus if you are not in complete control of the page. To set the focus automatically to a control such as a search text field, simply set the autofocus attribute on that element alone: Like other boolean attributes, no value needs to be specified for the true case. CHAPTER 7 ■ USING THE HTML5 FORMS API 178 ■ Note Autofocus can annoy users if they are not expecting a focus change. Many users utilize keystrokes for navigation, and switching focus to a form control subverts that ability. Use it only when it is a given that a form control should take all default keys. The list Attribute and the datalist Element The list attribute and datalist element combine to let a developer specify a list of possible values for an input. To use this combination: 1. Create a datalist element in your document with its id set to a unique value. The datalist can be located anywhere in the document. 2. Populate the datalist with as many option elements as needed to represent the full set of suggestions for values of a control. For example, a datalist representing e-mail contacts should contain all of the contact e-mail addresses as individual option children. 3. Link the input element to the datalist by setting the list attribute to a value which is the id of the associated datalist. On a supporting browser, like Opera, this produces a customized list control like the following: The min and max Attributes As seen before in our example for , the min and max attributes allow a numerical input to be constrained to minimum and maximum values. One, both, or neither of these attributes can be provided as necessary, and the input control should adjust accordingly to increase or decrease the range of acceptable values. For example, to create a range control representing a level of confidence in ability from zero% to 100%, the following code could be used as follows: CHAPTER 7 ■ USING THE HTML5 FORMS API 179 This would create a range control with a minimum zero value and maximum of 100, which, coincidentally, are the default values for the same. The step Attribute Also, for input types which expect numerical values, the step attribute specifies the granularity of increments or decrements in value as the range is adjusted. For example, our confidence level range control listed above can be set up with a step attribute of five as follows: This would limit the acceptable values to be increments of five from the starting value. In other words, only 0, 5, 10, 15, … 100 would be allowed either through typed input or through a slider control, depending on the browser representation of the input. The default step value is dependent on the type of control to which it is applied. For a range input, the default step is one. To accompany the step attribute, HTML5 introduces two functions on the input element that allow the value to be controlled: stepUp and stepDown. As you might expect, these functions increment or decrement the current value, respectively. As you might also expect, the amount by which the value is increased or decreased is the value of the step. As such, the value of a numeric input control can be tweaked without direct input from the user. The valueAsNumber Function The new valueAsNumber function is a handy way to convert the value of a control from text to number… and back! That is the case because the valueAsNumber is both a getter and a setter function. When called as a getter, the valueAsNumber function converts the text value of an input field into a number type upon which calculations are allowed. If the text value does not cleanly convert into a number type, then the NaN value (Not-a-Number) is returned. The valueAsNumber can also be used to set the value of an input to a numeric type. For example, our confidence range could be set using a call such as: document.getElementById("confidence").valueAsNumber(65); Make sure the number meets the requirements of the min, max, and step, or an error will be thrown. The required Attribute If any input control has the required attribute set, then a value must be set on it before its form can be submitted. For example, to set a text input field as required, simply add the attribute as shown here: If no value is set on this field, either programmatically or by the user, the ability to submit this form is blocked. The required attribute is the simplest type of form validation, but the capabilities of validation are vast. Let’s discuss form validation in more detail now. CHAPTER 7 ■ USING THE HTML5 FORMS API 180 Checking forms with validation Before we get too deep into specifics, let’s review what form validation really entails. At its core, form validation is a system for detecting invalid control data and flagging those errors for end users. In other words, form validation is a series of checks and notifications that let a user correct the controls of a form before submitting it to the server. But what is form validation, really? It is an optimization. Form validation is an optimization because it alone is not sufficient to guarantee that forms submitted to the server are correct and valid. It is an optimization because it is designed to help a web application fail fast. In other words, it is better to notify a user that a page contains invalid form controls right inside the page, using the browser’s built-in processing. Why bother with the expense of a network round trip just so the server can inform a user that there was a typo in the data entry? If the browser has all the knowledge and capability to catch errors before they leave the client, we should take advantage of that. However, browser form checking is not sufficient to handle all errors. MALICIOUS OR MISUNDERSTOOD? Brian says: “Even though the HTML5 specification goes a long way in improving the ability to check forms within the browser, it is still not a replacement for server validation. It may never be. Obviously, there are many error conditions that require server interaction to verify, such as whether or not a credit card is authorized to make a purchase, or even basic authentication. However, even mundane validation cannot rely solely on clients. Some users may be using browsers that don’t support the form validation features. A few may turn off scripting altogether, which can end up disabling all but the simplest attribute-based validators. Yet other users can utilize an assortment of tools such as the Firefox Greasemonkey addon to modify a page’s content to their…. err, content. This could include removing all form validation checks. Ultimately, it is not sufficient to rely on client-side validation as the sole means of checking any important data. If it exists on the client, it can be manipulated. HTML5 Form validation lets users get important feedback fast, but don’t rely on it for absolute correctness!” That being said, HTML5 does introduce eight handy ways to enforce correctness on form control entry. Let’s examine them in turn, starting with the object that gives us access to their status: the ValidityState. The ValidityState can be accessed from any form control in a browser that supports HTML5 Form validation: var valCheck = document.myForm.myInput.validity; This simple command grabs a reference to the ValidityState object of a form element conspicuously named myInput. This object contains handy references to each of the eight possible validity statuses, as well as an overall validity summary check. CHAPTER 7 ■ USING THE HTML5 FORMS API 181 You can do this by calling: valCheck.valid we can get a Boolean value which informs us whether or not all validity constraints are currently met on this particular form control. Think of the valid flag as a summary: if all eight constraints are passing, the valid flag will be true. Otherwise, if any of the validity constraints fail, the valid attribute will be false. ■ Note The ValidityState object is a live object. Once you grab a reference to it, you can keep a hold of it and the validity checks it returns will update as needed when changes occur. As mentioned before, there are eight possible validity constraints on any given form element. Each can be accessed from the ValidityState by accessing the field with the appropriate name. Let’s look at what they mean, how they can be enforced on a form control, and how you can use the ValidityState to check for them: The valueMissing Constraint Purpose: Ensure that some value is set on this form control Usage: Set the required attribute on the form control to true Usage example: Details: If the required attribute is set on a form control, the control will be in an invalid state unless the user or a programmatic call sets some value to the field. For example, a blank text field will fail a required check, but will pass as soon as any text is entered. When blank, the valueMissing will return true. typeMismatch Purpose: Guarantee that the type of the value matches expectations (number, email, URL, and so on) Usage: Specify one of the appropriate type attributes on the form control Usage example: Details: Special form control types aren’t just for customized phone keyboards! If your browser can determine that the value entered into a form control doesn’t conform to the rules for that type—for example, an email address without an @ symbol—the browser can flag this control as having a type mismatch. Another example would be a number field that cannot parse to a valid number. In either case, the typeMismatch will return true. patternMismatch Purpose: Enforce any pattern rule set on a form control which details specific valid formats Usage: Set the pattern attribute on the form control with the appropriate pattern Usage example: CHAPTER 7 ■ USING THE HTML5 FORMS API 182 Details: The pattern attribute gives developers a powerful and flexible way of enforcing a regular expression pattern on the value of a form control. When a pattern is set on a control, the patternMismatch will return true whenever the value does not conform to the rules of the pattern. To assist users and assistive technology, you should set the title on any pattern-controlled field to describe the rules of the format. tooLong Purpose: Make sure that a value does not contain too many characters Usage: Put a maxLength attribute on the form control Usage example: Details: This humorously-named constraint will return true if the value length exceeds the maxLength. While form controls will generally try to enforce the maximum length during user entry, certain situations including programmatic settings can cause the value to exceed the maximum. rangeUnderflow Purpose: Enforce the minimum value of a numeric control Usage: Set a min attribute with the minimum allowed value Usage example: Details: In any form controls that do numeric-range checking, it is possible for the value to get temporarily set below the allowable range. In these cases, the ValidityState will return true for the rangeUnderflow field. rangeOverflow Purpose: Enforce the maximum value of a numeric control Usage: Set a max attribute with the maximum allowed value Usage example: Details: Similar to its counterpart rangeUnderflow, this validity constraint will return true if the value of a form control becomes greater than the max attribute. stepMismatch Purpose: Guarantee that a value conforms to the combination of min, max, and step Usage: Set a step attribute to specify the granular steps of a numeric value Usage example: Details: This constraint enforces the sanity of the combinations of min, max, and step. Specifically, the current value must be a multiple of the step added to the minimum value. For example, a range from 0 to 100 with steps at every 5 would not allow a value of 17 without stepMismatch returning true. CHAPTER 7 ■ USING THE HTML5 FORMS API 183 customError Purpose: Handle errors explicitly calculated and set by the application code Usage: Call setCustomValidity(message) to put a form control into the customError state Usage example: passwordConfirmationField.setCustomValidity("Password values do not match."); Details: For those cases where the built-in validity checks don’t apply, the custom validity errors can suffice. Application code should set a custom validity message whenever a field does not conform to semantic rules. One common use case for custom validity is when consistency between controls is not achieved, for example if password confirmation fields don’t match. (We’ll delve into this specific example in the “Practical Extras” section.) Whenever a custom validity message is set, the control will be invalid and return the customError constraint as true. To clear the error, simply call setCustomValidity("") on the control with an empty string value. Validation Fields and Functions Together, these eight constraints allow a developer to find out exactly why a given form control is failing a validation check. Or, if you don’t care which specific reason is causing the failure, simply access the Boolean value valid on the ValidityState; it is an aggregate of the other eight constraints. If all eight constraints return false, then the valid field will return true. There are a few other helpful fields and functions on the form controls which can assist you in programming for validation checking. The willValidate Attribute The willValidate attribute simply indicates whether validation will be checked on this form control at all. If any of the above constraints—e.g. the required attribute, pattern attribute, etc.—are set on the control, the willValidate field will let you know that validation checking is going to be enforced. The checkValidity Function The checkValidity function allows you to check validation on the form without any explicit user input. Normally, a form’s validation is checked whenever the user or script code submits the form. This function allows validation to be done at any time. ■ Note Calling checkValidity on a form control doesn’t just check validation, it causes all resulting events and UI triggers to occur just as if the form had been submitted. The validationMessage Attribute This attribute isn’t yet supported by any current browser versions, but it might be by the time you read this. The validationMessage attribute lets you query programmatically a localized error message that the browser would display based on the current state of validation. For example, if a required field has no CHAPTER 7 ■ USING THE HTML5 FORMS API 184 value, the browser might present an error message to the user that “This field requires a value.” Once supported, this is the text string that would be returned by the validationMessage field, and it would adjust according to the current state of validation on the control. Validation feedback On the subject of validation feedback… one topic we’ve avoided thus far is how and when the browser should present the user with feedback on a validation error. The specification does not dictate the terms of how the user interface is updated to present an error message, and existing implementations differ fairly significantly. Consider the case for Opera. In Opera 10.5, the browser indicates that a validation error has occurred by marking the field in error with a popup message and a flashing red field. In contrast, the Google Chrome browser only navigates to the offending field and puts the focus there when an error is found. What is the correct behavior? Neither is specified. However, if you would like to take control of the feedback shown to the user when a validation error occurs, there is an appropriate handler for you to do so: the invalid event. Whenever a form is checked for validity—either due to the form being submitted, or due to the checkValidity function being called directly—any form in an invalid state will be delivered an invalid event. This event can be ignored, observed, or even cancelled. To add an event handler to a field which will receive this notification, add some code similar to Listing 7-2: Listing 7-2. Adding event handlers for invalid events // event handler for "invalid" events function invalidHandler(evt) { var validity = evt.srcElement.validity; // check the validity to see if a particular constraint failed if (validity.valueMissing) { // present a UI to the user indicating that the field is missing a value } // perhaps check additional constraints here… // If you do not want the browser to provide default validation feedback, // cancel the event as shown here evt.preventDefault(); } // register an event listener for "invalid" events myField.addEventListener("invalid", invalidHandler, false); CHAPTER 7 ■ USING THE HTML5 FORMS API 185 Let’s break that code snippet down a bit. First, we declare a handler to receive invalid events. The first thing we do inside that handler is check the source of the event. Recall that the invalid event is fired on the form control with a validation error. Therefore, the srcElement of the event will be the misbehaving form control. From the source, we grab the validity object. Using this ValidityState instance, we can check its individual constraint fields to determine exactly what went wrong. In this case, since we know that our field has a required attribute on it, we first check to see if the valueMissing constraint has been violated. If our check succeeds, we can modify the user interface on the page to inform the user that a value needs to be entered for the field in error. Perhaps an alert or an informative error region could be displayed? This is up to you to decide. Once we’ve told the user what the error is and how to correct it, we need to decide if we want the browser itself to display its built-in feedback. By default, the browser will do just that. To prevent the browser from showing its own error message, we can call evt.preventDefault() to stop the default handling and take care of the matter entirely ourselves. Once again, the choice here is yours. The HTML5 Forms API provides you with the flexibility to achieve a customized API or to fall back to default browser behavior. Turning Off Validation In spite of the power behind the validation API, there are… (ahem) valid reasons why you might want to turn off validation on a control or an entire form. The most common reason is that you might choose to submit the temporary contents of a form to be saved or retrieved for later, even if the contents aren’t quite valid yet. Imagine the case of a user who is entering a complex order entry form, but needs to run an errand midway through the process. Ideally, you might present the user with a “save” button which stores the values of the form by submitting them to the server. However, if the form was only partially completed, validation rules might prevent the content from being submitted. The user would be very displeased if she had to complete or abandon the form due to an unexpected interruption. To handle this, a form itself can be programmatically set with the attribute noValidate, which will cause it to forego any validation logic otherwise present and simply submit the form. Naturally, this attribute can be set either via script or original markup. A more useful way to turn off validation is to set a formNoValidate attribute on a control such as a form submit button. Take the following submit button, set up as a “save” button, for example: This snippet will create a two normal looking submit buttons. The second will submit the form, as usual. However, the first button is marked with the noValidate attribute, causing all validation to be bypassed when it is used. This allows the data to be submitted to the server without checking for correctness. Of course, your server will need to be set up to handle unvalidated data, but best practices dictate that this should be the case at all times. Building an Application with HTML5 Forms Now, let’s use the tools we’ve described in this chapter to create a simple signup page which showcases new features in HTML5 Forms. Turning back to our familiar Happy Trails Running Club, we’ll create a page for race registration that incorporates new form elements and validation. CHAPTER 7 ■ USING THE HTML5 FORMS API 186 As always, the source code for the demo files we show here is available in the code/forms folder. Therefore, we’ll spend less attention on the CSS and peripheral markup, and more on the core of the page itself. That being said, let’s start with a look at the finished page shown in Figure 7-4, then break it down into sections to tackle one-by-one. Figure 7-4. Example page with race signup form This signup page demonstrates many of the elements and APIs we’ve explored in this chapter, including validation. Although the actual display may look somewhat different on your browser, it should degrade gracefully even if the browser does not support a particular feature. On to the code! The header, navigation, and footer have all been seen before on our previous examples. The page now contains a element.

In this first section, we see the markup for the four primary inputs: name, phone, email, and birthday. For each, we’ve set a