Hasty Treat - Front End Security

If you want to know what's happening with your errors, track them with Sentry. Sentry is open-source error tracking that helps developers monitor and fix crashes in real time. Cut your time on error resolution from five hours to five minutes. It works with any language and integrates with dozens of other services. Syntax listeners can get two months for free by visiting Sentry and using the coupon code "tastytreat".

Show Notes

2:53 - SSL

Encrypted transfer of information
Digitally binds a cryptographic key to an organization's details
Web-cam, geolocation, etc.

6:15 - innerHTML

React's dangerouslySetInnerHTML
- Name intentionally chosen to be frightening
- Allows you to write HTML to the DOM
- Data should be sanitized before used in prop
  - Removes unexpected data from string
  - Used to prevent cross site scripting attacks

10:25 - Don't trust the client

The client can be manipulated to send any info to your server
E-commerce example — don't take the price total from the front end to make the charge, DB call and calculate on the server
Validate form inputs via HTML 5 field validation/check data types on the server
- Don't allow your users to send an object when it should just be a string
- Get this for free with GraphQL via types

13:41 - PCI Compliance

Protect card holder data
- SSL or Secure iFrame
Encrypt transmission of card data
Restrict access to card holder data
Restrict physical access
- Front of front-end
16:44 - Tips
Don't put a name on sensitive fields if you are using JS
HTTP only cookies
Local Storage tokens
XSS

Tweet us your tasty treats!

Scott's Instagram
LevelUpTutorials Instagram
Wes' Instagram
Wes' Twitter
Wes' Facebook
Scott's Twitter
Make sure to include @SyntaxFM in your tweets

Playing: 159: Hasty Treat - Front End Security

Hasty Treat - Forms, Captchas, Honeypots, Dealing With Malicious Users and the Sad State of Contact Forms

Our React Wish List

Hasty Treat - Rural and Mobile Internet Revisited

Potluck - Libraries vs Frameworks × Firefox × Career Advice For Teenagers × Who Would Win a Thumb War? × More!

Hasty Treat - Some Neat CSS Functions That You Should Know About

The Fundamentals Leftovers - Terminal, Shortcuts, View Source, Github + More!

Hasty Treat - Scott Goes Linux with Pop OS

WebRTC and Peer-to-Peer Video Calling with Ian Ramzy

Hasty Treat - Slow Connections Part 2

Headless CMS Break Down & Roundup

Hasty Treat - Developing for Slow and Spotty Connections

Potluck - Courses for Kids × Sub-Components × Recursion × DB Hosting × Frameworks × Data Structures & Algorithms × More!

Hasty Treat - Should You Support IE11?

Scott Teaches Wes Svelte and Sapper

Hasty Treat - Scott's New Personal Website

What's New in Javascript

Hasty Treat - Wes' New Personal Website

Bootcamps, Getting a Job, and Income Share Agreements with Heather Payne

Hasty Treat - Things You Should Know About Javascript Events

Potluck Part 2 - Magic GQLess × Are classes dead? × Custom Hooks × Staying Up To Date × CSS × More!

Hasty Treat - Getting Buy-in for a Tool Like Prettier From Your Team

Potluck - Mobile First × Arrow Functions × Deno × JSON APIs × Refactoring Tips × More!

Hasty Treat - 5 More Things That Make Your Site Slow

Thinking Ahead for Emergency UI When Building a Website

Hasty Treat - 5 Things That Make Your Site Slow

Working From Home During the Pandemic (With or Without Kids)

Hasty Treat - Abstraction

Mental Health and Dev ft Dr. Courtney Tolinski - Depression, Anxiety, Imposter Syndrome, Focus, Motivation, Burnout

Hasty Treat - Get Gud at Passwords & Password Management

Potluck - Bootcamps × Career Change × Figma × Gatsby × AMP × Mongoose × More!

Hasty Treat - Purchasing Power Parity

React Hooks - 1 Year Later

Hasty Treat - Hiring an Assistant

Soft Skills Tips

Hasty Treat - Scott asks Wes about Cloudflare

More on Severless - Databases × Files × Secrets × Auth × More!

Hasty Treat - The Status of Element Queries / Container Queries

Potluck - Next vs Gatsby × Headless CMS × Vue.js × Is Ruby on Rails still good? × More!

Hasty Treat - What makes a server fast?

Serverless / Cloud Functions - Part 1

Hasty Treat - Get Movin' With Framer Motion

Are Web Dev GUIs Going to Replace Us?

Hasty Treat - The Power of Hobbies

The Synology Show - Backups and Home Server

Hasty Treat - Non-Glamorous Skills You Should Have

Potluck - Dev Culture Fit × Slack Communities × Vanilla JS × Backpacks × Raspberry Pi × More!

Hasty Treat - Building A Community Slack, Discord, Spectrum, Discourse, Forums

Tech To Watch In 2020

Hasty Treat - Picking the Stack for uses.tech - Gatsby, React, Context, Styled Components

2020 Fitness

Hasty Treat - A Month On Firefox

Pika Pkg

Hasty Treat - Modules in Node

Potluck - Fonts × Frameworks × Teas × Coding Subscriptions × Client Work × More!

Hasty Treat - Wes Teaches Scott about Keystone.js

2019 YEAR END Definitely Not a Clip Show

Hasty Treat - How We Launch Courses

State Machines, CSS and Animations with David K Piano

Hasty Treat - The New MacBook Pro for Web Development

2019 Gift Guide

Hasty Treat - What Are Github Actions?

Potluck - Tabs are better? × Coding Music × SEO × Is Angular good? × Biggie Smalls × Soy Sauce × More!

Hasty Treat - New CSS Logical Properties

Show 200!

Hasty Treat - So you want to make a course... Will people buy it?

How To Get Better At Problem Solving

Hasty Treat - Tips For Writing Good CSS

Design Foundations For Developers

Hasty Treat - Buying and Selling Domain Names

Potluck - Gatsby vs Next × Is Google Home spying on you? × Flat File CMS × CSS Frameworks × Hosting Client Sites × More!

Hasty Treat - Spooky Stories

Spooky Web Dev Horror Stories

Hasty Treat - Scott Moves to iPhone

Migrating, Deploying, and Hosting WordPress

Hasty Treat - React Server Side Rendering

The Fundamentals - Server Side

Hasty Treat - Float Tank Experiences

Potluck - Terminal Configs × CSS Reset × Flexbox × Freelancing × NPM Dependencies × Project Hand-off × More!

Hasty Treat - Feature + Release Planning