Wingman: In-Browser Validation

  Chris [09.18.08 04:52 AM]

Er, what about security? I don't like the idea of my online bank account details being posted to some third party server for "HTML validation" ...

There's a reason why some pages are hidden behind complex logins.

  Koz [09.18.08 06:47 AM]

Chris,

Wingman is only active when you tell it to be. You click start when you want to begin testing, and click stop when you're finished.

So unless you're deliberately turning the validator on when you log in to internet banking, you don't have anything to worry about.

However those of us who build sites behind complex logins and want to validate them, can't use the existing validators without jumping through a whole lot of hoops. We built wingman to make this process a little easier. It's meant for use when you're validating your own site, not while you're just browsing the web.

  Maksim Khrapov [09.18.08 07:30 AM]

Thanks for sharing a product I can't use. It's not shipping. It's "invite only". Come back when it's actually available.

  Ryan Williams [09.18.08 11:25 AM]

Doesn't the FF Web Developer Toolbar's "Validate Local HTML" and "Validate Local CSS" serve the same purpose? It's been around for a while.

  Vasudev Ram [09.18.08 01:18 PM]

Koz,

First off, it's great that Rowan and you have released Wingman, and congrats for the idea and implementation. I can see the potential benefits it has for web application developers.

I would have tried out Wingman but can't since it's invite-only; I've signed up to be notified.

Maybe I'm wrong, but I think Chris may have a point - about security.

Here is an example for why I think so: Developers who use Wingman to validate pages generated by their app after users log in, may not be aware of the security issues such as the online banking example Chris gave. So in that case they might use Wingman in such scenarios.

(Mind you, this is only considering inadvertent usage. Malicious usage is a separate topic and can't be ruled out, but in that case, if the developer of an app you use is malicious, they could do other things that compromise your security anyway. So I'm not going into that.)
At the least, it may be an idea to put a prominent not

It might be helpful to at least put a prominent notice in the README or web page that is seen during the installation (since it is an FF plugin), stating the potential issues and cautions one is advised to take ...

- Vasudev
jugad2.blogspot.com

  Vasudev Ram [09.18.08 01:24 PM]

Oops, regarding my previous comment above, sorry about the incomplete sentence in it:

>At the least, it may be an idea to put a prominent not

Browser screen got messed up while I was writing (not sure why), so didn't see it.

  Matt Mickiewicz [09.18.08 01:31 PM]

Probably also of interest is "Dust Me Selectors" - a Firefox plug-in app that finds unused CSS selectors:

http://www.sitepoint.com/dustmeselectors/

  Douglas [09.18.08 02:25 PM]

I'm a little confused - what does this do that the Html Validator for Firefox extension by Marc Gueury doesn't already do?

Marc's extension works regardless of where you are - because the html validator is locally installed. It validates dynamically generated content. It doesn't consume any bandwidth.

I'd have to admit to being concerned about potentially confidential material that's on a secure site being send offsite by someone using this tool who isn't security conscious.

Is the data transfer secure at all?

  Vasudev Ram [09.18.08 02:39 PM]

Douglas:

>I'd have to admit to being concerned about potentially confidential material that's on a secure site being send offsite by someone using this tool who isn't security conscious.

Right, that was precisely the point made in my first comment above, and also by Chris.

But didn't know about the Html Validator for Firefox extension, thanks - will check it out ...

  Andy Lester [09.19.08 05:46 PM]

I came to tell about HTML Validator, but was beaten to it.

HTML Validator is a godsend, especially for validating dynamically generated pages. It will auto-validate as the page loads, so you get a little icon in the status bar that shows if there are errors. Plus, you can mark certain warnings to ignore, so if you just don't care about unclosed <p> tags, for example, you don't have to hear about 'em.

  Rowan [09.20.08 06:43 PM]

Thanks for all of your comments.

We're sending out more invites everyday. If you're interested in trying out Wingman please register at http://getwingman.com and you won't have to wait more than a couple of days at most.

Because we have no idea how much usage a tool like this will get we decided to be conservative to begin with. As soon as we're confident that what we have is working well we'll open it up for anybody to download and use.

We realise there are a number of alternative validators available - we've used (and use!) many of them ourselves.

A couple of things that Wingman does which other validators do not (as far as I know):

We let you keep a history of pages you've validated in the past - so you can see if your code is getting better or worse.

Also, by aggregating information about which errors other people are choosing to ignore we hope to create a validator that separates out the noise.

This is just our first release. There is a lot more that we'd like to do with this.

Again, thanks for those people who have given us their thoughts already.

  Alfons [09.22.08 12:14 AM]

Vasudev Ram:

>Right, that was precisely the point made in my first comment above, and also by Chris.But didn't know about the Html Validator for Firefox extension, thanks - will check it out ...

HTML Validator is a godsend, especially for validating dynamically generated pages. It will auto-validate as the page loads, so you get a little icon in the status bar that shows if there are errors

  Frank [09.22.08 12:44 PM]

Sounds like a good way to validate also the dynamic pages of own user areas.
But it is invite-only ?!
Just sent an email, any information when it will be released ?

  Vasudev Ram [09.24.08 09:20 PM]

Hey Alfons - Your comment spam attempt is EPIC FAIL :) (using words from current popular slang :)

I am reporting you and your site to the legal authorities for investigation ...

In your above comment, you haven't even added a single word of your own to the discussion. You've just copied Andy Lester's comment wholesale and tried to make it look as though it is your comment.

I refer to this:

In your comment above, after quoting my previous
comment (which was in reply to Douglas), where I said that I "didn't know about the Html Validator for Firefox extension, thanks, will check it out" --- all you've done is copy word-for-word, part of Andy Lester's comment that starts with "HTML Validator is a godsend, especially for validating dynamically generated pages." This, without so much as mentioning that you agree with Andy Lester, or adding any new points of your own.

I don't even think that you did it by mistake - since you copied Andy's words verbatim - and didn't add any thoughts of your own.

It's clear you're trying to create the impressions that those words were your own, when they clearly are not.

This is obvious linkbait - PARTICULARLY AFTER SEEING THE URL that your name (in the comment header) points to - trying for some traffic by cheap and stupid tactics. You dork! :) Next time onwards, if you have any brains and guts, try to generate interest in your site by genuine methods - after first creating a site worth visiting.

- Vasudev