Posts Tagged programming

Never output anything to a browser without using a formatting filter

Cross-site scripting (XSS) vulnerabilities can be quite a serious problem if you’re not careful. And if you’re using a framework like CFWheels, you need to be extra careful to protect your output from rendering malicious content.

In this post, I suggest that you must always use a formatting function like EncodeForHtml, DateFormat, or NumberFormat when outputting any dynamic value.

2 types of web developers

I’ve had this sense that there are 2 different types of web developers: artists and robots. “Artists” can think abstractly and design solutions that really feel good. “Robots” obsess over details that often don’t end up mattering to anyone other than themselves.

There are trade-offs to working with either though. Read on to find out what they are.
