A River of Words - JavaScript

Bob Ippolito on JSON Hijacking

nospam@example.com (TML) — Tue, 04 Nov 2008 13:14:00 -0700

The always brilliant author of the `from future import *` blog brings us an article discussing a potential JavaScript Hijacking [pdf] scenario – the simple answer is “Don’t send JSON data as a list, send it as an object instead”. That is, if you wanted to send:

["foo", "bar"]

you can avoid the security hole by sending something like this instead:

{"data": ["foo", "bar"]}

and then stripping the object on the other end.

Stupid JavaScript Tricks: Make Page Editable

nospam@example.com (TML) — Thu, 16 Oct 2008 15:17:45 -0600

Drag this Make Page Editable link to your “Bookmarks Toolbar” in recent versions of Firefox, and click on it to enable the built-in “Page Composer”, allowing you to edit any page you want!

Return from hiatus, and a quick jQuery example

nospam@example.com (TML) — Thu, 21 Aug 2008 22:37:10 -0600

Sorry for the break – I spent the past week or so frantically preparing for, and then attending, my Director’s annual off-site planning meeting. As always, it was a valuable experience – the opportunity to interact with Managers in a more relaxed setting, and to see how each of us attacks a given problem from so many different angles, is incredibly cool. Plus, I got to play golf again.

Today I’m bringing you a quick example of how to use jQuery to check with a Service to see whether the user should be allowed to toggle the state of a given checkbox. In my example, the “Service” only allows you to check boxes labelled with a prime number. I’m sure there’s a more jQuery-approved method, but this one was simpler to figure out than .val() – I couldn’t figure out how to make that *un*check a box.