In my opinion "JavaScrip: the good parts" is a good book. It is a little bit different than other books i have read so far but it contains a few great fragments and just for that reason it is worth reading it.

The book is very short but it is a good thing. Author expects some knowledge of programming and JavaScript it self and does not waste time on lengthy examples or tedious explanations. Book is focused all the time and reading it is quite entertaining.

• Read more

Finally i got a book that is truly worth recommending! It is a very good book and i think every web developer should read it.

Book is a sort of a continuation of another good book High performance websites but to be honest i think i like this one more.

Book is very condensed, there is no wasted page in it. Information is well structured and you can see that authors prepared well for the publishing. Information is backed by a decent research and some of the tricks are really cool.

• Read more

I am happy to present the first release of Ultimate web encoder.

I am a developer and i work a lot with ajax, javascript, PHP, json etc. It is quite often that i need to decode, replace encode something and i always go through the same process of searching for base64 encoder or decoder or other tools via google.

So lately i thought 'how about i do it once and for all', and this is how Ultimate web encoder came to live : )

It is a free online tool that will let you build a chain of transformations with a few simple frag and drops. It will also allow to apply the transformation multiple times as you do not even reload the page. Its all AJAX under the hood.

• Read more

I just came across a very nice example of how to track external clicks on your website.

• Read more

XSS can be caused by inserting pieces of html or javascript in different places of the page (HTML) or CSS / JS files loaded.

To prevent XSS you will have to escape all the strings coming from GET/POST/COOKIES before you output them. You should escape things that come from other sources as well in case there is XSS attack string (for example dont include posts from RSS without escaping them properly).

• Read more

When i say you should not generate CSS files dynamically i mean actually you should not put PHP variables into it.

From my experience it causes all sorts of problems from security to performance and caching. If you do not have to do it just don't. You cant still merge CSS files to have less requests per page and this is fine, but do not generate each file dynamically just join them and make sure its a safe way to do so.

• Read more

Some websites validate some bits and pieces but fail in other cases assuming that user will not pass anything strange there.

French OS Con website is and example of that XSS security risk.

• Read more

The simplest way to find XSS security hole is to look for forms and ajax calls that result in printing request parameters on the returned page.

Here is some simple example which took 5 mins to find. Just go to a website you want to verify and look for forms and action urls.

This example shows UCD website XSS vulnerability (possible in 2010).

This is a sample to show how to locate XSS attacks, do not try to hack sites this way

• Read more

There is a very little known method of injecting javascript int CSS files. It would not work in all the browsers (works in my latest IE8) but it is important fact to know.

• Read more

Cross site scripts lead to a number of security issues. The most important to remember are:

• Session Hijacking - hacker steals user's session by getting his cookies and gets access to user's account
• Cross Site Forgery Request - hacker uses users account to perform operation that was not intended at all

• Read more

I have came across a nice new javascript debugging console from ExtJS.

It is a simplified version of firebug but the good thing is that it works in any browser so you can use debigging and inspecting of your code and pages in any browser in the same way.

• Read more

Drupal is awesome but from time to time you have to modify something to get what you need.

I love latest jquery and I always have my own custom made frontent user facing theme so I thought it would be cool to include latest jquery in my custom made theme and keep the 1.3.2 version that is compatible with drupal in garland theme.

After doing so I can have all the features working like drag and drop, file uploads etc in my administration account and I can use latest coolest jquery plugins on my frontend.

• Read more

I had a chance to work a bit with a new page speed and JS mimification tool from google and i have to say its really cool.

The tool i am talking about is closure compiler and page speed and you can find it here

Web performance is not all about database calls and PHP speed. Its also about how many elements you have to be downloaded, in what order, how big are they, can they be cached, can they be compressed etc. Page speed helps you to figure out how to speed up the loading time not the html generation time. Pages consist of many js, css files as well as images. Knowing what causes delays is crucial to successful website performance optimization.

• Read more

Its a really great Jquery book. I liked a lot the fact the authors simply let you see the power of jquery not getting too deeply into javascript. There is no cross/browser details or low level tricks.On the other side authors dont skip over important details.

Book has a very good structure and consistently presents Jquery API. I thik there is not much more you could expect from the book in that area.

• Read more

Pro JavaScript Techniques is not a great book. I am not sure was it that i did not like the writing style or that is focused on stuff that i just don't find exciting.

While reading the book i felt like too much emphasis was put on cross browser differences and low level APIs. I felt like there was not enough focus on JavaScrip as a language and general programming patterns and techniques. It may be good reference if you want to write another jQuery or something but if you prefer to build on shoulders of giants you will be disappointed as i was.

• Read more