Hasty Treat - Front End Security

If you want to know what's happening with your errors, track them with Sentry. Sentry is open-source error tracking that helps developers monitor and fix crashes in real time. Cut your time on error resolution from five hours to five minutes. It works with any language and integrates with dozens of other services. Syntax listeners can get two months for free by visiting Sentry and using the coupon code "tastytreat".

Show Notes

2:53 - SSL

Encrypted transfer of information
Digitally binds a cryptographic key to an organization's details
Web-cam, geolocation, etc.

6:15 - innerHTML

React's dangerouslySetInnerHTML
- Name intentionally chosen to be frightening
- Allows you to write HTML to the DOM
- Data should be sanitized before used in prop
  - Removes unexpected data from string
  - Used to prevent cross site scripting attacks

10:25 - Don't trust the client

The client can be manipulated to send any info to your server
E-commerce example — don't take the price total from the front end to make the charge, DB call and calculate on the server
Validate form inputs via HTML 5 field validation/check data types on the server
- Don't allow your users to send an object when it should just be a string
- Get this for free with GraphQL via types

13:41 - PCI Compliance

Protect card holder data
- SSL or Secure iFrame
Encrypt transmission of card data
Restrict access to card holder data
Restrict physical access
- Front of front-end
16:44 - Tips
Don't put a name on sensitive fields if you are using JS
HTTP only cookies
Local Storage tokens
XSS

Tweet us your tasty treats!

Scott's Instagram
LevelUpTutorials Instagram
Wes' Instagram
Wes' Twitter
Wes' Facebook
Scott's Twitter
Make sure to include @SyntaxFM in your tweets

Playing: 159: Hasty Treat - Front End Security

Supper Club × Authoring Browser Extensions with Tim Leland

Home Automation - A Look Ahead

New Viewport Units

Supper Club × Edge Functions and Deno with Eduardo Bouças of Netlify

Potluck - Headless WordPress, Databases, Regex

I can has() new CSS Selector?!

Supper Club × Is No Code going to take our jobs? with Connor Finlayson

Syntax Live at Reactathon

Stopping Malicious Actors

Supper Club × Coding Burnout and Gardening with Anselm Hannemann

Git in VS Code

Cache Control Headers Explained

Supper Club × RedwoodJS with Tom Preston-Werner

TypeScript Tooling Explained

Scott’s New Office × The Levelup Lodge

Supper Club × Turborepo with Jared Palmer

Potluck - Protestware × NoSQL × Next.js × ESM × Jest

Why do we need Web Interop? Another Standards Body?

Supper Club × NX Monorepos with Victor Savkin

10 Nifty Browser APIs

TypeScript Fundamentals × Narrowing, Discriminating Unions, and Type Guards

WTF is the Edge? Edge Compute / Functions

Why do people still use Axios over Fetch?

JavaScript × STUMP’D

Building a Coupon Engine

Potluck - Working on a Team × Dealing with Imposter Syndrome × Animating on the Web × Icon Libraries × Demanding Clients

Svelte Cubed + 3D In Browser

Potluck - Multi Tenant Apps, JS Sprinkles, Kids Coding, Server Error Handling

How To Be Consistent

Making Content × What is our Process? Youtube, Blog Posts, Courses, Conference Talks, and Podcasts

Types in JS?

Syntax Highlight

What’s Up With Vitest?

Our Stacks Explained

SSL Certs, Approvals and Cloudflare

Potluck - Handling Auth × Are Web Dev Real Developers? × Handling Git Conflicts × Converting PNG to Box-Shadow × Bad Docs vs No Docs × Making Shopify Headless

Hasty Treat WTF × SSR vs JamStack vs Serverless?

Part 2 of Wes and Scott React to the State of JS

Sticker Mogul 2022

Wes and Scott React to the State of JS

This vs That × map vs reduce, forEach vs for in, and more!

Ben Vinegar × Distributed Tracing and TypeScript Migrations

JavaScript in 2022 - New, Coming and Proposed Features

Potluck - Selling Themes × Which Browser Should Devs Use? × Where Do You Keep 2FA Codes? × Remix vs Svelte Kit × Getting Unstuck from Tutorial Hell

Code Explorers

Creator of Wordle - Josh Wardle

Pros + Cons of JavaScript Servers, Serverless, and Cloudflare Workers

Syntax Highlight

Teamwork Makes The Dream Work

Monorepos! Workspaces, pnpm, turborepo + more!

Updating Project Dependencies

New Year, New You. What to Focus on in 2022.

CSS + JS Hacks We’re Fine With

Potluck

Remix!

2022 Predictions

JS One Liners

2021 In Review

Holiday Snackluk

Gitpod, iPad Coding, Web3, WTF NFT

Gatsby v4

Potluck - enums, WASM, Lighthouse, Redirects

How To Do Things In Svelte

JavaScript and Hardware × Cars, Factories, Heavy Industry, Robots, and the Internet of Things

Meta Tags

Everything in web dev is Amazing!

Github Co-pilot is Gonna Take ur Job

Troubleshooting

The Macbook Pro Show - Wes and Scott Get New Laptops

Potluck — Copilot × Glasses × Databases × Dealing with Stress × Employment vs Self-Employment × Auth in GraphQL × Headless CMS × More!

Hasty Treat - Next.js 12

Web Containers, StackBlitz, and Node.js in the Browser with Tomek Sulkowski

Hasty Treat - What's the deal with Astro?

STUMP'D Interview Questions - CSS Edition

Hasty Treat - How to Setup a PNPM Monorepo

Horror Web Dev Stories - 2021

Hasty Treat - Hasty Horror Stories

Potluck — Coding for Kids × MongoDB Hosting × NoMoreFoo × Best Cities for Dev Jobs × GraphQL Resolvers × Package Security × Prototypes and Portfolios × More!

Hasty Treat - Handy Utility Functions with Just