A Tasty Treats Podcast for Web Developers.

Ask a Potluck Question →
Wes Bos

Wes Bos

Full Stack JavaScript Developer. Creator of really good web development courses. BBQ enthusiast.

Scott Tolinski

Scott Tolinski

Web Developer, Creator of Level Up Tuts, Bboy, Robotops Crew and Youtuber

Playing: 159: Hasty Treat - Front End Security

0:00

LOUDNESS

Episode 214

2020 Fitness

Episode 213

Hasty Treat - A Month On Firefox

Episode 212

Pika Pkg

Episode 211

Hasty Treat - Modules in Node

Episode 210

Potluck - Fonts × Frameworks × Teas × Coding Subscriptions × Client Work × More!

Episode 209

Hasty Treat - Wes Teaches Scott about Keystone.js

Episode 208

2019 YEAR END Definitely Not a Clip Show

Episode 207

Hasty Treat - How We Launch Courses

Episode 206

State Machines, CSS and Animations with David K Piano

Episode 205

Hasty Treat - The New MacBook Pro for Web Development

Episode 204

2019 Gift Guide

Episode 203

Hasty Treat - What Are Github Actions?

Episode 202

Potluck - Tabs are better? × Coding Music × SEO × Is Angular good? × Biggie Smalls × Soy Sauce × More!

Episode 201

Hasty Treat - New CSS Logical Properties

Episode 200

Show 200!

Episode 199

Hasty Treat - So you want to make a course... Will people buy it?

Episode 198

How To Get Better At Problem Solving

Episode 197

Hasty Treat - Tips For Writing Good CSS

Episode 196

Design Foundations For Developers

Episode 195

Hasty Treat - Buying and Selling Domain Names

Episode 194

Potluck - Gatsby vs Next × Is Google Home spying on you? × Flat File CMS × CSS Frameworks × Hosting Client Sites × More!

Episode 193

Hasty Treat - Spooky Stories

Episode 192

Spooky Web Dev Horror Stories

Episode 191

Hasty Treat - Scott Moves to iPhone

Episode 190

Migrating, Deploying, and Hosting WordPress

Episode 189

Hasty Treat - React Server Side Rendering

Episode 188

The Fundamentals - Server Side

Episode 187

Hasty Treat - Float Tank Experiences

Episode 186

Potluck - Terminal Configs × CSS Reset × Flexbox × Freelancing × NPM Dependencies × Project Hand-off × More!

Episode 185

Hasty Treat - Feature + Release Planning

Episode 184

Desktop & Mobile Apps With a Single Codebase

Episode 183

Hasty Treat - Developing Better Habits

Episode 182

Practical - How would we build Airbnb, Twitter, or Reddit?

Episode 181

Hasty Treat - Automating Stuff

Episode 180

Potluck - Why Webpack? × Serverless × Agencies × Recruiters × CSS Grid × MQ in Styled Components

Episode 179

Hasty Treat - The TLD Game

Episode 178

How We Record, Edit, and Host Our Courses

Episode 177

Hasty Treat - Moving from PHP to Node

Episode 176

Building Steam Games with React

Episode 175

Hasty Treat - Stump'd

Episode 174

How to Build an API

Episode 173

Hasty Treat - Wes & Scott Look At Svelte 3

Episode 172

Potluck - Deploying Applications × Typescript × Live Coding with Twitch × Fullstack Architecture × More!

Episode 171

Hasty Treat - How To Publish A React Component To NPM

Episode 170

State In React

Episode 169

Hasty Treat - Remote Internet

Episode 168

Blogging

Episode 167

Hasty Treat - VSCode Love Part 3

Episode 166

Potluck - What is "State"? × Web Sockets × Remote Working × Firefox × Machines Taking Our Jobs × More!

Episode 165

Hasty Treat - VSCode Treats Part 2

Episode 164

A Story About Kanye West and Learning to Code

Episode 163

Hasty Treat - Web Dev Resource Sick Picks

Episode 162

The Fundamentals — JS

Episode 161

Hasty Treat - VSCode Extensions & Themes

Episode 160

GraphQL and WordPress

Episode 159

Hasty Treat - Front End Security

Episode 158

The Fundamentals - HTML + CSS

Episode 157

Hasty Treat - What is a Headless CMS?

Episode 156

Potluck - Career Switch at 33 × Cover Letters × Kids × Learning Quickly × More!

Episode 155

Hasty Treat - Making Yourself Uncomfortable To Grow

Episode 154

SVGs with Sara Soueidan

Episode 153

Hasty Treat - New Intl Methods Are Straight Fire

Episode 152

Debugging Tools + Tips

Episode 151

Hasty Treat - Std Lib in JavaScript

Episode 150

Gatsby Themes

Episode 149

Hasty Treat - Workshops

Episode 148

Potluck - CSS × Angular × Dev job preparation × Svelte × File organization × Gear × More!

Episode 147

Hasty Treat - Knowing Your Weaknesses

Episode 146

CSS the 😎😎😎 Cool Parts

Episode 145

Hasty Treat - AMA - Our Wives, Careers Outside Tech, and Favorites

Episode 144

Side Hustles with Courtland Allen from Indie Hackers

Episode 143

Hasty Treat - The SHADOW DOM

Episode 142

Travis Neilson on Skills Gap, Design, Focus and Working at Google

Episode 141

Hasty Treat - Async + Await Error Handling Strategies

Episode 140

Potluck - Media Queries × NPM Vulnerabilities × Fullstack JS vs JAMstack × Web VR/AR × Switching Jobs × More!

Episode 139

Hasty Treat - AMA - Money x Investments x Online Presence x More!

Episode 138

What's New in Web Development

Episode 137

Hasty Treat - CSS Frameworks

Episode 136

9 Ways to Stay Sane While Working Remotely

Episode 135

Hasty Treat - Cranky Developers

Episode 134

Syntax Live React Edition

Episode 133

Hasty Treat - Tips For A Good Portfolio

Episode 132

Potluck - Interview Qs × Headless CMS × React Hooks × Resume Design × Redux vs Context × More!

Episode 131

Hasty Treat - Bike Shedding

Episode 130

The VueJS Show (Scott teaches Wes)

Episode 129

Hasty Treat - Why Use a Frontend Framework at All?

Episode 128

How To Find Freelance Clients

Episode 127

Hasty Treat - React Suspense

Episode 126

Bootcamps vs School vs Self-learning

Episode 125

Hasty Treat - Communication Skillz

Episode 124

Potluck - Are classes dead? × Tutorials vs Real Life × CRA vs Next × Scraping × More

Episode 123

Hasty Treat - Authentication - LocalStorage vs Cookies vs Sessions vs Tokens

Episode 122

How We Manage Our Lives — Notion, Todos, Notes, Focusing, Calendars, Goal tracking, and more!

Episode 121

Hasty Treat - Tips to Succeed on YouTube

Episode 120

Gatsby vs Next

Episode 119

Hasty Treat - Better Living Through Side Projects

Episode 118

The Smart Home

Episode 117

Hasty Treat - How To Email Busy People

Episode 116

Potluck - Changing careers × Repo organization × CSS Grid × Certifications × Freelancing × Spammers × More

Episode 115

Hasty Treat - Code Quality Tooling Part 2

Episode 114

The Freelance Client Lifecycle - Part 2

Episode 113

Hasty Treat - Code Quality Tooling

Episode 112

The Freelance Client Lifecycle - Part 1

Episode 111

Hasty Treat - Tidying Up Code

Episode 110

Tips for Work Life Balance

Episode 109

Hasty Treat - CSS Grid Level 2 aka Subgrid

Episode 108

Potluck - Where to start with JS × Freelancing × Cron jobs × Split testing × Frameworks in 2019 × More

Episode 107

Hasty Treat - CSS Units

Episode 106

A Look Forward to 2019

Episode 105

Hasty Treat - CSS and JS Pointer Events

Episode 104

CSS Layout

Episode 103

Hasty Treat - Where are they now? Part 2

Episode 102

Potluck - Typescript × E-commerce platforms × Job-hopping × Working for agencies × more

Episode 101

Hasty Treat - Where are they now?! Gulp, Grunt, Bower, Backbone and Compass

Episode 100

Not a Clip Show - Episode 100!

Episode 099

Hasty Treat - Costs of Running a Business

Episode 098

The State of JavaScript 2018

Episode 097

Hasty Treat - Uses for CSS Variables

Episode 096

Holiday Gift Guide

Episode 095

Hasty Treat - Should you install a dependency or roll your own?

Episode 094

Potluck - $100/hr × Redux Replacements × Full Stack Designers × JWT × VS Code Tips × More

Episode 093

Hasty Treat - How to become well liked at work

Episode 092

React Hooks

Episode 091

Hasty Treat - How to become a Sticker Mogul

Episode 090

Live at JAMstack_conf

Episode 089

Hasty Treat - Stumped! 03

Episode 088

Pre-launch Checklist

Episode 087

Hasty Treat - Old Browsers, Fallbacks and Polyfills - Part 3

Episode 086

Potluck - Working with designers × Is WordPress Crap? × When to stop working × More

Episode 085

Hasty Treat - Old Browsers, Fallbacks and Polyfills - Part 2

Episode 084

Fitness for Developers

Episode 083

Hasty Treat - Old Browsers, Fallbacks and Polyfills - Part 1

Episode 082

Top 18 New Things in JS - Part 2

Episode 081

Hasty Treat - Hacktoberfest

Episode 080

Top 18 New Things in JS - Part 1

Episode 079

Hasty Treat - Stumped! 02

Episode 078

Potluck - JS × Web Components × Security × They took our jobs!

Episode 077

Hasty Treat - Positivity and Web Development

Episode 076

Specialization vs Generalization

Episode 075

Hasty Treat - Feedback and Criticism

Episode 074

11 Habits of Highly Effective Developers

Episode 073

Hasty Treat - Reading Documentation

Episode 072

Accessibility

Episode 071

Hasty Treat - Stumped! Interview Questions

Episode 070

Potluck - Programming Languages × Soft Skills × PHP vs JS × Breakdancing x Spice Blends

Episode 069

Hasty Treat - Framer X and Prototyping Tools

Episode 068

Design Tips for Developers

Episode 067

Hasty Treat - Goal Setting

Episode 066

The React Episode

Episode 065

Hasty Treat - Building Curriculum for Courses

Episode 064

Our Office Setups (Gotta Get The Gear)

Episode 063

Hasty Treat - JSON, JSONP and CORS

Episode 062

Potluck - Editor Fonts × Portfolios × Meetup Tips × Switching to Windows × Freelancing Sources

Episode 061

Hasty Treat - Whats the deal with npm, yarn and lock files?!

Episode 060

The Undocumented Web - scraping, private APIs, proxies and “alternative solutions”

Episode 059

Hasty Treat - Refactoring

Episode 058

Advice For Beginners - Tech Skills, Applying for Jobs, Focus, Imposter Syndrome + More

Episode 057

Hasty Treat - Dot Files

Episode 056

Design Systems

Episode 055

Hasty Treat - User Role Systems

Episode 054

Potluck EP × Remote Work × Headless WordPress × Good Client Questions × Alternate Careers × React API Credentials

Episode 053

Hasty Treat - Domain Management

Episode 052

Marketing for Developers

Episode 051

Our Workflows — Design, Development, Git and Deployment

Episode 050

Progressive Web Apps

Episode 049

Potluck EP × SSR × SEO × Tips for Students × Music × Security × GraphQL

Episode 048

VS Code Round Two

Episode 047

How to Get Better at Debugging

Episode 046

What's New in Javascript

Episode 045

Potluck EP × Is Redux Dead × Learning Quickly × Developing Solo × Specialist vs Generalist × Funnest Projects × Wes’ BBQ Course

Episode 044

How to Learn New Things Quickly

Episode 043

20 JavaScript Array and Object Methods to make you a better developer

Episode 042

Potluck EP × Vue.js × Headless WP × Typescript & Flow × Productivity × Server Side Rendering × Yeoman

Episode 041

Preventing and Dealing with Burnout in Web Development

Episode 040

The Testing Show

Episode 039

Is jQuery Dead?

Episode 038

20 Easy Win Performance Tips

Episode 037

Recording Screencasts - Hardware, Software, Dos and Don'ts

Episode 036

Hasty Treat — Freelancing Hot Tips 🔥

Episode 035

Keeping Up with the Codeashians. Dealing with our fast paced industry.

Episode 034

Why Static Site Generators are Awesome

Episode 033

Large Files - CDNs, Image Compression, Video Hosting, and Big Zips

Episode 032

Designing, Templating, Inlining and Sending Email.

Episode 031

Wes and Scott's Lives - Breakdancing, BBQ, Wives, Work/Life Balance, Problem Solving, YouTube Subscriptions

Episode 030

Snack Pack — CSS Frameworks, React HOC, Render Props, Coding Designers, Early Career Advice and a sound board!

Episode 029

Hosting & Servers — Heroku, Now, Galaxy, Digital Ocean, Linode, Docker, Netlify and more!

Episode 028

Async + Await

Episode 027

GraphQL? Here is what you need to know!

Episode 026

All About Redux && Cookies vs JWT

Episode 025

Dealing With Email Overload && Prettier Setups

Episode 024

All About CSS BEM!

Episode 023

Web Development in 2017 && a look ahead at 2018 🍾🍷

Episode 022

Failure

Episode 021

What's New in CSS? Variables, Scoping, New Selectors and Color Functions

Episode 020

Fitness, Nutrition, and Losing Weight

Episode 019

How to get into Speaking At Conferences

Episode 018

All About CSS Grid

Episode 017

22 Buzz Words Explained — Mutations, Pure Functions , Serverless, Hoisting, MVC + More

Episode 016

Tasty Treats — Rems VS Ems, Remote Work, Making Money, Getting good at Design + more! 🍬

Episode 015

Advice for New Developers, Imposter Syndrome and Interviewing at Google

Episode 014

Our Stacks Explained

Episode 013

The Command Line for Web Developers

Episode 012

Why is everyone switching to VS Code?

Episode 011

Our favourite Productivity Hacks 🔥

Episode 010

CSS in JS 💅👩‍🎤💁🚒 (Drama Free!)

Episode 009

Dang, that's handy! JavaScript Utility Libraries 🛠️

Episode 008

Wes Bos Origin Story 🎸💼💻🔥🐷

Episode 007

Scott Tolinski Origin Story 🎧 📹 💻 🕺

Episode 006

Accepting Money on the Internet 💰💸

Episode 005

How to Slam Dunk Freelancing

Episode 004

JavaScript Tooling

Episode 003

CSS Preprocessors and Structuring CSS

Episode 002

Webcam and audio access with WebRTC and getUserMedia()

Episode 001

React Tools

Episode 000

Preview

Jul 8th, 2019

Hasty Treat - Front End Security

👇 Download Show✏️ Edit Show Notes

In this Hasty Treat, Scott and Wes talk about front end security and what to do in order to avoid hacking.

Sentry - Sponsor

If you want to know what's happening with your errors, track them with Sentry. Sentry is open-source error tracking that helps developers monitor and fix crashes in real time. Cut your time on error resolution from five hours to five minutes. It works with any language and integrates with dozens of other services. Syntax listeners can get two months for free by visiting Sentry and using the coupon code "tastytreat".

Show Notes

2:53 - SSL

  • Encrypted transfer of information
  • Digitally binds a cryptographic key to an organization's details
  • Web-cam, geolocation, etc.

6:15 - innerHTML

  • React's dangerouslySetInnerHTML
    • Name intentionally chosen to be frightening
    • Allows you to write HTML to the DOM
    • Data should be sanitized before used in prop
      • Removes unexpected data from string
      • Used to prevent cross site scripting attacks

10:25 - Don't trust the client

  • The client can be manipulated to send any info to your server
  • E-commerce example — don't take the price total from the front end to make the charge, DB call and calculate on the server
  • Validate form inputs via HTML 5 field validation/check data types on the server
    • Don't allow your users to send an object when it should just be a string
    • Get this for free with GraphQL via types

13:41 - PCI Compliance

  • Protect card holder data
    • SSL or Secure iFrame
  • Encrypt transmission of card data
  • Restrict access to card holder data

  • Restrict physical access

    • Front of front-end

    16:44 - Tips

  • Don't put a name on sensitive fields if you are using JS

  • HTTP only cookies
  • Local Storage tokens
  • XSS

Tweet us your tasty treats!