Infrequently Noted

Thanks to the Ajaxian's for linking my last post on the topic of what we need from IE. As I've been responding to the comments, it occured to me that it's not quite fair to poke IE in the eye when there are issues (like WYSIWYG) where we need the help of all the browser vendors to get something useful done. That in mind, here's my generic Browser.Next list of 10 issues that would give Ajax libraries a break and let app authors worry less.

It should be noted, first, that these issues are designed to be small, (relatively) easily implemented point solutions to accute problems. They are intentionally not on the scale of "add a new tag for..." some feature or "standardize and implement XBL" or even "make renderers pluggable". While those would all be good, the current pace of browser progress makes me think they're beyond the pale.

This list also tries to avoid vendor-specific issues (of which there are a pile, and many of them may be much more pressing on a per-browser basis than the below issues). Lastly, I'm also not asking for standardization of these things in short order (although it's clearly preferable). We DHTML hackers are hearty folk. We'll take whatever they give us, but we could deliver much, much better developer and end-user experiences if only the browser vendors would all give us:

• Event Opacity: we need a way to tell browsers that for some nodes in the z-index stack that events should be passed through to their background. For instance, when implementing drag-and-drop, Ajax libraries have a stark choice: attempt to calculate the locations of all drop targets to enable dragging of the source with offset (expensive hitbox calculations, ahoy!) or move the drag shadow with an offset from the cursor (efficient and what we do in 0.9, but visually unsatisfying). Yes, yes, there are WHATWG specs for drag-and-drop and various browser vendors have implemented them to some extent for some time, but what I'm asking for here is much more constrained: a single API extension that can help us deliver better experiences until all the browsers get DnD right. There are also lots of other use cases where visual decorations should be able to defer their events to underlying elements (think drop shadows, etc.)
• Long-Lived Connections: this was on my IE7 list, but it's still a problem nearly everywhere. The basic issue is that we can't implement Comet reliably because if two tabs both keep a long-lived connection to the same server, no other connections can open up to that server, meaning that normal Ajax (and even style changes) will be blocked. Very often this means that an app will appear to be locked up. One solution is to provide a way to specify in an HTTP header that a connection will be long lived or to provide pages a way to request more concurrent connections be made available to a particular server (on a per-tab basis, and with a hard limit, of course). If feasible, it might just suffice to just break the global lock connection limits and make them per-tab in general. Whatever the solution, we need ways to be able to have multiple tabs each able to create Comet connections without worrying.
• Expose [DontEnum] To Library Authors: The contortions that Ajax toolkit vendors go through to keep iteration over JavaScript objects and primitives coherent is, quite simply, insane. Much of Dojo, in particular, is designed around this problem. Giving us a way to say that a property is [DontEnum], before ES4 lands, would go a long way toward alleviating this back pressure.
• Fast LiveCollection -> Array Transforms: That many DOM apis return live collections is a bug, but it need not be fatal. Browser vendors could start to provide a simple toArray() method on these live collections to provide a way to "fix" them in place.
• Provided A Blessed Cache For Ajax Libraries: Long story short, Ajax libraries are going to be here for a while. The idea that a browser is going to be so good that it will remove the need for a JS library simply doesn't hold water any more, and even if one browser was that good, the other browsers wouldn't be and none of them would be pervasive enough given current upgrade trends. We need to be able to better support our own patches to the browsing platform, and we need the browser vendors to get on board and realize that Ajax toolkits aren't a threat. We can't be...we don't have enough leverage. With all of that being true, it's high time for the browser vendors to provide Ajax toolkit vendors a way to specify a canonical URL or hash scheme which would bypass the network entirely, cross-site. This is something of an extension to the CDN concept for Ajax toolkits, but would go a long way to fundamentally changing the way Ajax toolkits evolve. Instead of fretting about how much 10K on the wire is going to degrade the user experience, we can focus on delivering better and better tool sets, even behind the firewall or offline (where CDN usage isn't feasible).
  Obviously, this one is going to require some vendor coordination, but it's the kind of thing where if one vendor does it (well), everyone else should follow quickly without much risk. The Open Ajax Alliance could even function as a body to provide a list of toolkits and hashes to browser vendors should they demure from the task themselves. Lastly, before the flames start rolling in on this topic, I should note that I'm proposing this with some hesitation. Who are we (the Ajax toolkits) to suggest that our content deserves a more "blessed" cache position than site content? I've been wrestling with this for a long time, but now believe that we don't have much of a choice. This solution is good for everyone and while it has the potential to create an uneven playing filed, I think that can be handled at an organizational level.
• Mutation Events: The browsers already know when a new item is added to a DOM, why can't they tell us, the poor toolkit/framework authors? I'm not going to suggest in this list that browser vendors should fully figure out HTML tag subclassing since it will generally require architecture changes for the least capable browsers (*cough* IE *cough*). Instead, point solutions like mutation events everywhere will go a long way to allowing us to further band-aid their brokenness and allow us to more seamlessly upgrade content while we wait for the new-tag cavalry to arrive.
• onLayoutComplete: onDomReady doesn't cut it. Toolkits that want to avoid FOUC when applying behaviors and progressive enhancement to pages are currently attempting to get into the page rendering stream as early as possible. The problem is that for anything that needs to manage layout of widgets on the page, we need to know the dimensions, and that also must mean that CSS has been applied and any initial flow computations have been completed. Obviously, there are issues with progressive rendering of a page, but generally speaking I beleive toolkits are looking to browser vendors for a semantic that is roughly equivalent to "after onDomReady, but potentially before all images have finished loading, inform us when the layout and geometry have stabilized."
• HttpOnly cookies: There's a lot wrong with WebAppSec these days, and the traditional trust boundaries are constantly under attack. Worse, none of the browser vendors seem to feel it's their responsibility to figure out cross-domain or JS sandboxing. This infuriating state of affairs leads directly to my next item, but the minimum any browser vendor should be required to do is to implement HttpOnly cookies. It's no silver bullet, but it's another tool in the toolbox and one we need badly.
• Bundle Gears: Until it's primary APIs are put through the standardization process and introduced in browsers natively, any browser that includes Flash support should, out of good-faith respect for the Open Source and Open Web nature of its intent, bundle Google Gears as soon as it's stable. A commitment to do so in the future will suffice until that time.
• Standardize on the Firebug API's: Firebug provides great debugging and performance profiling APIs. These need to be built in so that we can stop shipping Firebug Lite around the net ad-infinitum (as we do in Dojo 0.9). Being able to have built in timing tic/tock apis and a UI to view it would be a hugely useful. This falls far short of other proposals that have been floated for unified debugging APIs and protocols, but again represents the least vendors can do to alleviate the pain.

So that's my list...what's on yours? What am I forgetting? And how should we organize to ask the vendors for these in a way that will really stick?