Linkto: Scriptaculous Cheat Sheet

mitch — Mon, 24 Apr 2006 13:22:06 +0000

Amy Hoy offers up Scriptaculous Cheat Sheet #1, a “Field Guide to Script.aculo.us Combination Effects”. Basic effects syntax all on a single-page PDF. Nicely done.

Linkto: Create Your Own Ajax Effects

mitch — Thu, 20 Apr 2006 04:05:05 +0000

Thomas Fuchs, creator of the Script.aculo.us JavaScript effects library shows you how to create your own Ajax effects. Roll your own fabulous Web 2.0 effects using the amazing Script.aculo.us effects engine.

Cross-site Scripting Techniques and Prevention

mitch — Tue, 18 Apr 2006 23:17:59 +0000

ALA serves up a great article addressing the dangers of cross-site scripting (XSS) vulnerabilities. Author Niklas Bivald says,

Validating and sanitizing user input is no longer optional. Consider what your users really need to do, think about what characters they need to accomplish those tasks, and strip/convert as necessary to protect your community.

Part 1 provides examples of XSS attacks, and a checklist for validating input. An upcoming Part 2 promises to deliver techniques for closing these vulnerabilities and preventing attacks on your sites and communities.

The excitement generated by the popularity of Ajax technologies and all the flashy new Web 2.0 applications, along with a wealth of published tutorials and “howtos”, must entice many to dive head first into web development. My guess is, many do this with little or no thought to the implications these technologies might have on security. I am happy to see XSS addressed, even if in such a simple manner, and hope to see more of these types of tutorials.

mitch's meanderings » JavaScript

Linkto: Scriptaculous Cheat Sheet

Linkto: Create Your Own Ajax Effects

Cross-site Scripting Techniques and Prevention