Tales from the Evil Empire

Bertrand Le Roy's blog


Bertrand Le Roy

BoudinFatal's Gamercard

Tales from the Evil Empire - Blogged

Blogs I read

My other stuff


February 2009 - Posts

The PlayStation’s Flower power

flower Yesterday, I bought Flower for the PS3 and played it through in one sitting (the game is really short but still, couldn’t get my hands off the controller once I started).

This game is one of the best things I’ve seen in gaming this year. It’s beautiful, poetic, more contemplative experience than game. There is not the shadow of a doubt that this thing is art. What really interested me was the way it tells a story without a word. I’m convinced that the acceptance of video games (or any medium) as art is conditioned by its ability to find storytelling methods that are unique to it and that are impossible to reproduce outside of it. Flower is one of those games that do exactly that.

There are many things I dislike about the PS3, but one has to admit Sony knows how to produce original, quirky and high-profile games (Patapon, LocoRoco and Pain are other examples).

Flower is well worth your $9.99 but you have to be aware it will last only about two hours.

Posted: Feb 16 2009, 03:34 PM by Bertrand Le Roy | with no comments
Filed under:
VirtualAlbion using Deep Zoom and SeaDragon Ajax

Lionhead recently published a high resolution map of Albion (the world of Fable II in case you’re not into games). The map is pretty nice and very detailed. It’s a huge image (45.8MB, 16 megapixels) that they built for people to print and hang on their walls. When I saw that, I immediately thought how great this would work with Deep Zoom and SeaDragon Ajax. Of course, once we have virtually infinite zooming abilities, it would be even better if the map zoomed into detailed sub-maps of the various cities of Albion. Oh well, maybe they’ll do that eventually (or someone else will take on the task).

Anyways, I thought this was a great opportunity to show an end-to-end walkthrough of how I built that online version of the full resolution Albion map.

  1. Download the map file to local hard drive. Extract the TIF file from the zip archive.
  2. Download and install the Deep Zoom Composer tool.
  3. Run Deep Zoom Composer, click “new project”, name it “Albion”.
  4. In the Import tab, click “Add image…”:DeepZoomAddImage
  5. Navigate to the TIF file, select it and click “open”. Wait for the file to be imported.
  6. Go to the Compose tab, drag the image and drop it onto the design surface (anywhere, it doesn’t matter as we’re only putting one image on the surface):DeepZoomDragImage
  7. Go to the Export tab, and click “Create a PhotoZoom account” if you don’t have one already. The alternative is to host the tile files yourself but the PhotoZoom option is by far the simplest.
    Follow the instructions (they are really simple) and create an album from the web site and name it “Albion”.
  8. Sign in using your LiveID account from the Composer application.
  9. Switch to “Existing Albums”, where you should see “Albion”, then click “select album cover” and click “OK” in the dialog that will open and that should contain only the map image. Click “Publish” and wait for the project to upload. DeepZoomExistingAlbums
  10. Now comes the tricky part. I’ve asked the SeaDragon people to take a look as there is a step here that is far from optimal, apparently because a link that used to be on the album page was removed. All of the instructions under this step should be replaced with a simple copy and paste once this is fixed.
    Navigate to the album’s page. The url should be something like
    Now we need to find the url to copy and paste into the SeaDragon Ajax embedding page. Use the “View Source” command of your browser to get at the page’s source code. Look for the <object> tag. It should have a <param> tag named “initParam” that points to a url like http%3a%2f%2fphotozoom.mslivelabs.com%2fDZ%2f100%2f0%2fCollection%2fzece309bc8c7f465fbca8087784612173%2fcollection.xml. Copy this url into the address bar of the browser and decode it by replacing ‘%3a’ with ‘:’ and ‘%2f’ with ‘/’. The url I got out of that process was:

    Press the return key to navigate to that url and again use the “View Source” option. You should see something like this:
    <Collection MaxLevel="8" TileSize="256" Format="jpg" NextItemId="1" xmlns="http://schemas.microsoft.com/deepzoom/2008">
        <I Id="0" N="0" Source=
          <Size Width="4000" Height="4000" />
          <Viewport Width="1" X="-0" Y="-0" />
    Copy the part between “Image” and “.xml”, close the browser tab and paste the url on the address bar, replacing the current url, starting at “Collection”. The resulting url should look something like this:

    This is the url of your Deep Zoom image. Copy that url.
  11. Navigate to http://livelabs.com/seadragon-ajax/embed-viewer. Paste the url of your Deep Zoom Image into the form field and press “Build Embed”.
  12. You can then modify the dimensions of the viewer (I chose 500px by 500px) and press “Build Embed” again.
  13. Copy the HTML code that appears below the viewer. This is the code you need to embed into the target web page.

Voilà. The viewer should just work once you’ve followed these steps. I hope this helps and that step 10 is fixed soon. Deep Zoom is a fantastic tool and being able to build your own and host it for free is a great thing.

UPDATE: this is now completely obsolete. The SeaDragon team now has a super-easy web-based tool. Just give it the URL of an image file on the web, and they will give you the code to embed the SeaDragon/DeepZoom view of it. http://www.seadragon.com.

VsDoc for jQuery 1.3.1 now available

John Resig tells us he just uploaded the VsDoc file for jQuery 1.3.1 to jquery.com. This enables IntelliSense for the latest available jQuery.

jQuery VsDoc file for 1.3.1 available from jquery.com

Download the file from the jQuery downloads page:

More info on what this is:

How to choose a client template engine

Water lenses, (c) 2007 Bertrand Le Roy Disclaimer: I worked on the Microsoft Ajax 4.0 template engine, so my criteria are of course heavily influenced by our own design.

Templates are a data rendering method that server-side developers have enjoyed since the old days of classic ASP and PHP. The idea was quite simple (add code blocks and dynamic expressions directly into HTML markup) but it revolutionized web development, which before that relied on the opposite method (spitting HTML from CGI code).

On the client-side, the browser provides two ways to generate HTML: innerHTML and the DOM API. Template rendering is of course possible, but only using a JavaScript library. To be honest, one should mention XSLT here, which is standard and widely supported but whose somewhat unusual syntax has had limited success convincing web developers.

There are literally dozens of template engines available today, using many different markup conventions and algorithms. Template engines are not equal, they have different levels of complexity, different feature sets, different security models. It can be quite hard to pick one, and it really depends on the requirements of your application and also on taste.

I’ll try to go over a few things that you might want to check on a template engine. You will want to cherry-pick what’s important to you and what’s not so that you can pick the tool that’s best adapted to your problem.

1. Expression delimiter

A template system is adding new semantics to an existing language. This is not completely harmless as you have to give a new meaning to sequences of characters that were understood before as plain literals. That means that an escaping mechanism must exist to express the literal contents that were given a new meaning. For example, if the expression delimiters are <%= and %>, how do you express the “<%=” and “%>” sequences of characters as literals?

<%= and %> are by far the most common and familiar delimiters (they have been used by ASP, PHP, JSP, ASP.NET and many others), but they have one flaw that couldn’t be seen back in 1996: XHTML compliance. Granted, you may not care at all about XHTML. If you don’t, just skip this. But if you do, any template engine that uses <%= %> simply can’t have template code that is XHTML-compliant. Now this may still not be a big deal if you don’t care that the template code is compliant, but only care about the generated markup.

But there is another reason why <%= %> is a bad choice: it’s conflicting with the server-side. A client-side engine must be able to coexist peacefully with whatever server-side technology you’re using. If your server technology of choice is using <%= %> like it very likely does, it will be conflicting with your client templates. The server-side engine will kick in when it sees these delimiters and will fail one way or another.

We chose {{ }} as the expression delimiter (and also {expr } for extensible markup expressions such as {binding }), which happens to be the same choice that Django made (and Dojo, as they implement Django on  the client-side, and by the way I don’t know how they manage conflict with server-side Django; if you know, drop me a comment). It works fine with XHTML and it doesn’t conflict with ASP or PHP. If you want to express the “{{“ literal, we don’t provide an escape sequence per se, but you can still do it by writing {{ “{{“ }}.

On a final note, there are a few template engines that do not have expression delimiters but instead rely on microformats. While this absolutely preserves the HTML semantics, it’s often clumsier to use and quite limiting. It’s a matter of taste, but microformats also can look like markup within markup.

2. Expression language

In the simplest cases, you’ll want to inject a simple data field into the template, like {{ Price }}. But many times, you’ll want to go beyond those simple cases and embed a more complex expression into the markup. For example, you might want to display that price with two decimal places, like $42.00. In order to handle that case and more complex ones, it is necessary to have a full expression language.

In the same way, if the template engine allows for code blocks to introduce control structures such as conditional execution or loops, it needs a full programming language.

Some template engines, such as Django, introduce their own new language. Others, such as ours, just use what’s already available and familiar: JavaScript. In addition to being familiar, it eliminates the need to write a parser and interpreter, which reduces library code size and gives better performance.

3. Protection against injection attacks

If you don’t know what an injection attack is… wow. Just wow. Go read this, now. Seriously.

The frightening thing about almost any single one of the client template engines out there is that they have no mechanism in place to protect against injection attacks, which puts the responsibility to encode and check contents in the hands of the application developer. That’s you.

Most of the engines out there are using a very simple algorithm to build HTML: array joining, and then injecting the result using innerHTML. This is very similar to building SQL by concatenating strings: in a nutshell, you shouldn’t do that. In the same way that SQL is better built using parameterized queries, HTML is more securely built using the DOM API which just eliminates the need for encoding.

Even when using encoding or the DOM API, there is a number of attributes that still present a fair amount of danger if user data gets injected in them. For example, if you bind the href attribute of a link to a piece of user data, no amount of encoding will protect the application against a user injecting “javascript:doSomeEvil();”.

To prevent that kind of attack, we white-list the protocols in all known URL attributes to relative URLs, http and https. It is possible for the application to extend this white list as needed (available in Microsoft Ajax 4.0 Preview 4 and later).

One thing to understand is that the dangerous contents here is the data, not the template itself, which is trusted as application code is.

4. Template location

Depending on the library, the template can be embedded in comments, in script tags or just be part of the DOM. It can also be included from a separate file.

Putting the template in comments or script tags easily hides its markup from initial rendering, but it makes it harder to design with existing tools and puts it out of the reach of markup validation tools.

Including from a separate file adds one more request to the server, which might be a problem or not: it might also improve performance by allowing partial caching. The best is to have a choice here, so I’d reject an engine where external files is the only possibility, knowing that all other engines allow external files with minimal effort by feeding a simple XHR’s result into the system.

Instead of using script tags or comments, we chose to embed the template as real HTML contents anywhere in the document and just hide it from initial rendering using CSS. This makes the code designable using any existing tool, and enables us to use the browser’s native HTML parser to understand the structure of the markup.

5. Hooking up events and instantiating components

In a modern Web application, you won’t just create plain HTML, you’ll want to hook up events and instantiate components. The template engine might let you do this inline, which is obtrusive but convenient, or it might require you to enrich the DOM after template instantiation through code, or it might give you a choice between the two.

One thing to look for is how much knowledge of the template markup’s shape must be injected into the code in order to enrich the DOM.

For a picture of the different possibilities using our engine, read this post:

6. Live bindings

One big advantage of client rendering is that the data remains under raw data form until it reaches the template engine. That means that you have a representation of the data on the client. This in turn means there is an opportunity to monitor changes to the data and to bind UI directly to it, eliminating round-trips to the server along the way.

We call this ability live bindings and it makes for very responsive applications that are still easy to build.

7. Constraints on markup shape

One thing you should try with any template engine is to repeat a row in a table, using IE. This may sound trivial, but innerHTML doesn’t work on IE in a number of places, which puts a constraint on the markup that you need to write to render certain shapes of HTML. There is almost always a workaround but it can be more or less painful to implement. Try and compare, see what you find reasonable.

8. Ease of data field access

This one is quite simple. Some template engines force you to access the current data item’s field through some special syntax such as “$T.price”. In our engine and several others, you just write “price”.

9. Readability

This one is quite subjective, but when choosing a template engine, just look at a few samples. Does the code hurt your eyes? Can you understand it right away?

10. Performance

A template engine must be able to render a reasonable number of data items with a reasonably complex template under the perception threshold. What’s “reasonable” pretty much depends on your application design, but I’d say a hundred items in a typical grid layout should be hardly noticeable. So before you choose, do a mock-up of your design and data and try it. Increase the number of items and see where rendering starts to get noticeable. Usually rendering performance is not linear so this should give you a good idea of how far you can go with each engine. Better to determine that before you invest heavily in one engine.

11. XHTML compliance

As I said above, this is one you might not care about. Don’t leave yet, it actually goes both ways, as an engine, by enforcing XHTML compliance, might potentially get in the way of writing HTML the way you want.

The lowest level of compliance is that the rendered output is compliant. Being template engines, most if not all engines enable you to create compliant or horribly broken markup, depending on your own style. What it must absolutely not do is prevent you from generating compliant markup.

The second level of compliance is that the template code itself, before data is injected, is compliant. This is much less common. Even less common is that the compliance requirement does not impose too strong a constraint on the markup you have to write.

In other words, a good template engine lets you write XHTML but doesn’t force you to.

12. Nested templates

Rendering a template within a template might look like a whacky scenario at first if the engine understands control structures such as loops. In reality, if you include something like live bindings into the mix, you will want for example an inner template to be re-drawn when the outer data item changes. This will be much easier to achieve with nested templates.

So if this is a scenario that you care about, make sure that your engine handles that case gracefully.

In conclusion

There are many engines to choose from, and many criteria to check. I’m quite convinced that our own offering is pretty solid for all these criteria and offers a good compromise of features against simplicity and performance.

There is another engine that I quite like because it’s an impressively small bit of code that remains useful, and that is John Resig’s micro-template engine, which is only 20 lines of code. Like our own engine, it “compiles” the template into a reusable function that takes the data as a parameter. But unlike ours, it has no security mechanism and has issues with some markup, which may or may not be an issue for you. It’s a different kind of compromise that puts code size and simplicity before any other consideration.

I hope this helps in making a choice.

A good resource on client templates:

John Resig’s micro-templates:

ASP.NET 4.0 Ajax Preview 3:

UPDATE: added performance and XHTML compliance to the list from Dave Reed’s feedback, and nested templates from Keith’s.

More Posts