If you change the window.history.pushState() call to window.history.replaceState(), it doesn't add bazillions of entries to your history, which makes it slightly more practical.
javascript:var dashes = ""; var num = 20; while(--num) dashes += "-"; setInterval(function() { window.history.replaceState("", "", dashes.slice(0, num % 20) + "foo" + dashes.slice(num % 20)); num++;}, 500)
That's sort of the point, isn't it? As it's continuously changing the URL ... I could see this used to make it difficult or impossible for people to leave sites, except by closing the window.
You're correct. Only the path (and not the domain) can be changed.
From the article:
* For security reasons, you can only change the path of the URL, not the domain itself. So you can change anything in the URL after my-domain.com/[change-the-stuff-here.html].
Cookies have this problem, too (anyone from the same domain sees your cookies, and you can't really count on the cookie path). So does XMLHTTPRequest. Same origin[1] is pretty much the governing rule here; there wasn't any point in making pushState any more secure than the rest of the system.
It's not just horrifying URL schemes, it would make the feature useless for any "web app" - take Grooveshark for example. A user can go from /artist/x/1234 to /song/x/1234 which seems pretty reasonable and not very horrifying.
This is the greatest html5 feature I've never heard of, and it's really going to change how everybody make web apps.
Here's my wild prediction: 10 years from now, with the benefit of hindsight, we will trace the moment where Google's Page Rank empire started to crumble to the introduction of this html5 feature.
However, discovering this makes me wonder what other incredibly useful but as yet unknown html5 features are out there in the wild?
By decoupling urls in the browser from urls in the web app, it's only going to increase the amount of content in the Deep Web that Google can't index. I imagine it'll be difficult to make GoogleBot crawl and index "pages" after large swaths of the web are using this. And once this Javascript feature is in jQuery, then we can expect a huge number of web developers to start using it by default.
I don't know how much Javascript the GoogleBot currently parses and/or executes, but I imagine it would be enormously complex to embed v8 into the crawler, and then execute all Javascript on every page and determine what to index on a "page." If we ever get to the point where you can't screen scrape a web app without also executing its Javascript, then PageRank-like methods become less effective, and we'll need more semantic approaches to search. It's a great thing such semantic approaches don't yet exist!
Some Google crawls already execute Javascript; they could easily do so more extensively if that were the only way to reach valuable content.
Also, Google is already promoting a convention for making the various parts of an AJAX application reachable via different URL-#fragments more easily crawlable. See:
Microsoft for one would love to have a big chunk of Internet real estate that couldn't be found and indexed by Google.
It's funny you mention Facebook. I would say Facebook's chief motive right now is to stop Google from encroaching upon their territory, so Facebook wants to put up as many speed-bumps as possible around Google. Basically that means keeping Google sandboxed—it's okay to let Google index anything they want and throw that up on an ordered SERP, but no way can we let them grow elaborate ivy APIs and web-based UIs around our walled-garden of user generated content. (i.e. Buzz.)
Given Microsoft's ownership and early partnering with Facebook, Microsoft and Facebook have aligned interests in keeping Google in the sandbox.
It's exactly the feature I desperately wanted a few months ago, but then I modified the UI so that it loads a page for each piece of information that's important enough to have it's own URL and the result was considerably simpler to use. This feature will make it very easy to write overly complicated interfaces. Designers will have to be careful.
Scrolling status bars used to be all the range in the 90s, I wonder how long until url hacks allow for scrolling address bars with this.