A Tasty Treats Podcast for Web Developers.

Ask a Potluck Question →
Wes Bos

Wes Bos

Full Stack JavaScript Developer. Creator of really good web development courses. BBQ enthusiast.

Scott Tolinski

Scott Tolinski

Web Developer, Creator of Level Up Tuts, Bboy, Robotops Crew and Youtuber

Playing: 159: Hasty Treat - Front End Security

0:00

LOUDNESS

Episode 224

|

Feb 19th, 2020

Serverless / Cloud Functions - Part 1

Episode 223

|

Feb 17th, 2020

Hasty Treat - Get Movin' With Framer Motion

Episode 222

|

Feb 12th, 2020

Are Web Dev GUIs Going to Replace Us?

Episode 221

|

Feb 10th, 2020

Hasty Treat - The Power of Hobbies

Episode 220

|

Feb 5th, 2020

The Synology Show - Backups and Home Server

Episode 219

|

Feb 3rd, 2020

Hasty Treat - Non-Glamorous Skills You Should Have

Episode 218

|

Jan 29th, 2020

Potluck - Dev Culture Fit × Slack Communities × Vanilla JS × Backpacks × Raspberry Pi × More!

Episode 217

|

Jan 27th, 2020

Hasty Treat - Building A Community Slack, Discord, Spectrum, Discourse, Forums

Episode 216

|

Jan 22nd, 2020

Tech To Watch In 2020

Episode 215

|

Jan 20th, 2020

Hasty Treat - Picking the Stack for uses.tech - Gatsby, React, Context, Styled Components

Episode 214

|

Jan 15th, 2020

2020 Fitness

Episode 213

|

Jan 13th, 2020

Hasty Treat - A Month On Firefox

Episode 212

|

Jan 8th, 2020

Pika Pkg

Episode 211

|

Jan 6th, 2020

Hasty Treat - Modules in Node

Episode 210

|

Jan 1st, 2020

Potluck - Fonts × Frameworks × Teas × Coding Subscriptions × Client Work × More!

Episode 209

|

Dec 30th, 2019

Hasty Treat - Wes Teaches Scott about Keystone.js

Episode 208

|

Dec 25th, 2019

2019 YEAR END Definitely Not a Clip Show

Episode 207

|

Dec 23rd, 2019

Hasty Treat - How We Launch Courses

Episode 206

|

Dec 18th, 2019

State Machines, CSS and Animations with David K Piano

Episode 205

|

Dec 16th, 2019

Hasty Treat - The New MacBook Pro for Web Development

Episode 204

|

Dec 11th, 2019

2019 Gift Guide

Episode 203

|

Dec 9th, 2019

Hasty Treat - What Are Github Actions?

Episode 202

|

Dec 4th, 2019

Potluck - Tabs are better? × Coding Music × SEO × Is Angular good? × Biggie Smalls × Soy Sauce × More!

Episode 201

|

Dec 2nd, 2019

Hasty Treat - New CSS Logical Properties

Episode 200

|

Nov 27th, 2019

Show 200!

Episode 199

|

Nov 25th, 2019

Hasty Treat - So you want to make a course... Will people buy it?

Episode 198

|

Nov 20th, 2019

How To Get Better At Problem Solving

Episode 197

|

Nov 18th, 2019

Hasty Treat - Tips For Writing Good CSS

Episode 196

|

Nov 13th, 2019

Design Foundations For Developers

Episode 195

|

Nov 11th, 2019

Hasty Treat - Buying and Selling Domain Names

Episode 194

|

Nov 6th, 2019

Potluck - Gatsby vs Next × Is Google Home spying on you? × Flat File CMS × CSS Frameworks × Hosting Client Sites × More!

Episode 193

|

Nov 4th, 2019

Hasty Treat - Spooky Stories

Episode 192

|

Oct 30th, 2019

Spooky Web Dev Horror Stories

Episode 191

|

Oct 28th, 2019

Hasty Treat - Scott Moves to iPhone

Episode 190

|

Oct 23rd, 2019

Migrating, Deploying, and Hosting WordPress

Episode 189

|

Oct 21st, 2019

Hasty Treat - React Server Side Rendering

Episode 188

|

Oct 16th, 2019

The Fundamentals - Server Side

Episode 187

|

Oct 14th, 2019

Hasty Treat - Float Tank Experiences

Episode 186

|

Oct 9th, 2019

Potluck - Terminal Configs × CSS Reset × Flexbox × Freelancing × NPM Dependencies × Project Hand-off × More!

Episode 185

|

Oct 7th, 2019

Hasty Treat - Feature + Release Planning

Episode 184

|

Oct 2nd, 2019

Desktop & Mobile Apps With a Single Codebase

Episode 183

|

Sep 30th, 2019

Hasty Treat - Developing Better Habits

Episode 182

|

Sep 25th, 2019

Practical - How would we build Airbnb, Twitter, or Reddit?

Episode 181

|

Sep 23rd, 2019

Hasty Treat - Automating Stuff

Episode 180

|

Sep 18th, 2019

Potluck - Why Webpack? × Serverless × Agencies × Recruiters × CSS Grid × MQ in Styled Components

Episode 179

|

Sep 16th, 2019

Hasty Treat - The TLD Game

Episode 178

|

Sep 11th, 2019

How We Record, Edit, and Host Our Courses

Episode 177

|

Sep 9th, 2019

Hasty Treat - Moving from PHP to Node

Episode 176

|

Sep 4th, 2019

Building Steam Games with React

Episode 175

|

Sep 2nd, 2019

Hasty Treat - Stump'd

Episode 174

|

Aug 28th, 2019

How to Build an API

Episode 173

|

Aug 26th, 2019

Hasty Treat - Wes & Scott Look At Svelte 3

Episode 172

|

Aug 21st, 2019

Potluck - Deploying Applications × Typescript × Live Coding with Twitch × Fullstack Architecture × More!

Episode 171

|

Aug 19th, 2019

Hasty Treat - How To Publish A React Component To NPM

Episode 170

|

Aug 14th, 2019

State In React

Episode 169

|

Aug 12th, 2019

Hasty Treat - Remote Internet

Episode 168

|

Aug 7th, 2019

Blogging

Episode 167

|

Aug 5th, 2019

Hasty Treat - VSCode Love Part 3

Episode 166

|

Jul 31st, 2019

Potluck - What is "State"? × Web Sockets × Remote Working × Firefox × Machines Taking Our Jobs × More!

Episode 165

|

Jul 29th, 2019

Hasty Treat - VSCode Treats Part 2

Episode 164

|

Jul 24th, 2019

A Story About Kanye West and Learning to Code

Episode 163

|

Jul 22nd, 2019

Hasty Treat - Web Dev Resource Sick Picks

Episode 162

|

Jul 17th, 2019

The Fundamentals — JS

Episode 161

|

Jul 15th, 2019

Hasty Treat - VSCode Extensions & Themes

Episode 160

|

Jul 10th, 2019

GraphQL and WordPress

Episode 159

|

Jul 8th, 2019

Hasty Treat - Front End Security

Episode 158

|

Jul 3rd, 2019

The Fundamentals - HTML + CSS

Episode 157

|

Jul 1st, 2019

Hasty Treat - What is a Headless CMS?

Episode 156

|

Jun 26th, 2019

Potluck - Career Switch at 33 × Cover Letters × Kids × Learning Quickly × More!

Episode 155

|

Jun 24th, 2019

Hasty Treat - Making Yourself Uncomfortable To Grow

Episode 154

|

Jun 19th, 2019

SVGs with Sara Soueidan

Episode 153

|

Jun 17th, 2019

Hasty Treat - New Intl Methods Are Straight Fire

Episode 152

|

Jun 12th, 2019

Debugging Tools + Tips

Episode 151

|

Jun 10th, 2019

Hasty Treat - Std Lib in JavaScript

Episode 150

|

Jun 5th, 2019

Gatsby Themes

Episode 149

|

Jun 3rd, 2019

Hasty Treat - Workshops

Episode 148

|

May 29th, 2019

Potluck - CSS × Angular × Dev job preparation × Svelte × File organization × Gear × More!

Episode 147

|

May 27th, 2019

Hasty Treat - Knowing Your Weaknesses

Episode 146

|

May 22nd, 2019

CSS the 😎😎😎 Cool Parts

Episode 145

|

May 20th, 2019

Hasty Treat - AMA - Our Wives, Careers Outside Tech, and Favorites

Episode 144

|

May 15th, 2019

Side Hustles with Courtland Allen from Indie Hackers

Episode 143

|

May 13th, 2019

Hasty Treat - The SHADOW DOM

Episode 142

|

May 8th, 2019

Travis Neilson on Skills Gap, Design, Focus and Working at Google

Episode 141

|

May 6th, 2019

Hasty Treat - Async + Await Error Handling Strategies

Episode 140

|

May 1st, 2019

Potluck - Media Queries × NPM Vulnerabilities × Fullstack JS vs JAMstack × Web VR/AR × Switching Jobs × More!

Episode 139

|

Apr 29th, 2019

Hasty Treat - AMA - Money x Investments x Online Presence x More!

Episode 138

|

Apr 24th, 2019

What's New in Web Development

Episode 137

|

Apr 22nd, 2019

Hasty Treat - CSS Frameworks

Episode 136

|

Apr 17th, 2019

9 Ways to Stay Sane While Working Remotely

Episode 135

|

Apr 15th, 2019

Hasty Treat - Cranky Developers

Episode 134

|

Apr 10th, 2019

Syntax Live React Edition

Episode 133

|

Apr 8th, 2019

Hasty Treat - Tips For A Good Portfolio

Episode 132

|

Apr 3rd, 2019

Potluck - Interview Qs × Headless CMS × React Hooks × Resume Design × Redux vs Context × More!

Episode 131

|

Apr 1st, 2019

Hasty Treat - Bike Shedding

Episode 130

|

Mar 27th, 2019

The VueJS Show (Scott teaches Wes)

Episode 129

|

Mar 25th, 2019

Hasty Treat - Why Use a Frontend Framework at All?

Episode 128

|

Mar 20th, 2019

How To Find Freelance Clients

Episode 127

|

Mar 18th, 2019

Hasty Treat - React Suspense

Episode 126

|

Mar 13th, 2019

Bootcamps vs School vs Self-learning

Episode 125

|

Mar 11th, 2019

Hasty Treat - Communication Skillz

Episode 124

|

Mar 6th, 2019

Potluck - Are classes dead? × Tutorials vs Real Life × CRA vs Next × Scraping × More

Episode 123

|

Mar 4th, 2019

Hasty Treat - Authentication - LocalStorage vs Cookies vs Sessions vs Tokens

Episode 122

|

Feb 27th, 2019

How We Manage Our Lives — Notion, Todos, Notes, Focusing, Calendars, Goal tracking, and more!

Episode 121

|

Feb 25th, 2019

Hasty Treat - Tips to Succeed on YouTube

Episode 120

|

Feb 20th, 2019

Gatsby vs Next

Episode 119

|

Feb 18th, 2019

Hasty Treat - Better Living Through Side Projects

Episode 118

|

Feb 13th, 2019

The Smart Home

Episode 117

|

Feb 11th, 2019

Hasty Treat - How To Email Busy People

Episode 116

|

Feb 6th, 2019

Potluck - Changing careers × Repo organization × CSS Grid × Certifications × Freelancing × Spammers × More

Episode 115

|

Feb 4th, 2019

Hasty Treat - Code Quality Tooling Part 2

Episode 114

|

Jan 30th, 2019

The Freelance Client Lifecycle - Part 2

Episode 113

|

Jan 28th, 2019

Hasty Treat - Code Quality Tooling

Episode 112

|

Jan 23rd, 2019

The Freelance Client Lifecycle - Part 1

Episode 111

|

Jan 21st, 2019

Hasty Treat - Tidying Up Code

Episode 110

|

Jan 16th, 2019

Tips for Work Life Balance

Episode 109

|

Jan 14th, 2019

Hasty Treat - CSS Grid Level 2 aka Subgrid

Episode 108

|

Jan 10th, 2019

Potluck - Where to start with JS × Freelancing × Cron jobs × Split testing × Frameworks in 2019 × More

Episode 107

|

Jan 7th, 2019

Hasty Treat - CSS Units

Episode 106

|

Jan 2nd, 2019

A Look Forward to 2019

Episode 105

|

Dec 31st, 2018

Hasty Treat - CSS and JS Pointer Events

Episode 104

|

Dec 26th, 2018

CSS Layout

Episode 103

|

Dec 24th, 2018

Hasty Treat - Where are they now? Part 2

Episode 102

|

Dec 19th, 2018

Potluck - Typescript × E-commerce platforms × Job-hopping × Working for agencies × more

Episode 101

|

Dec 17th, 2018

Hasty Treat - Where are they now?! Gulp, Grunt, Bower, Backbone and Compass

Episode 100

|

Dec 12th, 2018

Not a Clip Show - Episode 100!

Episode 099

|

Dec 10th, 2018

Hasty Treat - Costs of Running a Business

Episode 098

|

Dec 5th, 2018

The State of JavaScript 2018

Episode 097

|

Dec 3rd, 2018

Hasty Treat - Uses for CSS Variables

Episode 096

|

Nov 28th, 2018

Holiday Gift Guide

Episode 095

|

Nov 26th, 2018

Hasty Treat - Should you install a dependency or roll your own?

Episode 094

|

Nov 21st, 2018

Potluck - $100/hr × Redux Replacements × Full Stack Designers × JWT × VS Code Tips × More

Episode 093

|

Nov 19th, 2018

Hasty Treat - How to become well liked at work

Episode 092

|

Nov 14th, 2018

React Hooks

Episode 091

|

Nov 12th, 2018

Hasty Treat - How to become a Sticker Mogul

Episode 090

|

Nov 7th, 2018

Live at JAMstack_conf

Episode 089

|

Nov 5th, 2018

Hasty Treat - Stumped! 03

Episode 088

|

Oct 31st, 2018

Pre-launch Checklist

Episode 087

|

Oct 29th, 2018

Hasty Treat - Old Browsers, Fallbacks and Polyfills - Part 3

Episode 086

|

Oct 26th, 2018

Potluck - Working with designers × Is WordPress Crap? × When to stop working × More

Episode 085

|

Oct 22nd, 2018

Hasty Treat - Old Browsers, Fallbacks and Polyfills - Part 2

Episode 084

|

Oct 17th, 2018

Fitness for Developers

Episode 083

|

Oct 15th, 2018

Hasty Treat - Old Browsers, Fallbacks and Polyfills - Part 1

Episode 082

|

Oct 10th, 2018

Top 18 New Things in JS - Part 2

Episode 081

|

Oct 8th, 2018

Hasty Treat - Hacktoberfest

Episode 080

|

Oct 3rd, 2018

Top 18 New Things in JS - Part 1

Episode 079

|

Oct 1st, 2018

Hasty Treat - Stumped! 02

Episode 078

|

Sep 26th, 2018

Potluck - JS × Web Components × Security × They took our jobs!

Episode 077

|

Sep 24th, 2018

Hasty Treat - Positivity and Web Development

Episode 076

|

Sep 19th, 2018

Specialization vs Generalization

Episode 075

|

Sep 17th, 2018

Hasty Treat - Feedback and Criticism

Episode 074

|

Sep 12th, 2018

11 Habits of Highly Effective Developers

Episode 073

|

Sep 10th, 2018

Hasty Treat - Reading Documentation

Episode 072

|

Sep 5th, 2018

Accessibility

Episode 071

|

Sep 3rd, 2018

Hasty Treat - Stumped! Interview Questions

Episode 070

|

Aug 29th, 2018

Potluck - Programming Languages × Soft Skills × PHP vs JS × Breakdancing x Spice Blends

Episode 069

|

Aug 27th, 2018

Hasty Treat - Framer X and Prototyping Tools

Episode 068

|

Aug 22nd, 2018

Design Tips for Developers

Episode 067

|

Aug 20th, 2018

Hasty Treat - Goal Setting

Episode 066

|

Aug 15th, 2018

The React Episode

Episode 065

|

Aug 13th, 2018

Hasty Treat - Building Curriculum for Courses

Episode 064

|

Aug 8th, 2018

Our Office Setups (Gotta Get The Gear)

Episode 063

|

Aug 6th, 2018

Hasty Treat - JSON, JSONP and CORS

Episode 062

|

Aug 1st, 2018

Potluck - Editor Fonts × Portfolios × Meetup Tips × Switching to Windows × Freelancing Sources

Episode 061

|

Jul 30th, 2018

Hasty Treat - Whats the deal with npm, yarn and lock files?!

Episode 060

|

Jul 24th, 2018

The Undocumented Web - scraping, private APIs, proxies and “alternative solutions”

Episode 059

|

Jul 23rd, 2018

Hasty Treat - Refactoring

Episode 058

|

Jul 18th, 2018

Advice For Beginners - Tech Skills, Applying for Jobs, Focus, Imposter Syndrome + More

Episode 057

|

Jul 16th, 2018

Hasty Treat - Dot Files

Episode 056

|

Jul 11th, 2018

Design Systems

Episode 055

|

Jul 9th, 2018

Hasty Treat - User Role Systems

Episode 054

|

Jul 4th, 2018

Potluck EP × Remote Work × Headless WordPress × Good Client Questions × Alternate Careers × React API Credentials

Episode 053

|

Jul 2nd, 2018

Hasty Treat - Domain Management

Episode 052

|

Jun 27th, 2018

Marketing for Developers

Episode 051

|

Jun 20th, 2018

Our Workflows — Design, Development, Git and Deployment

Episode 050

|

Jun 13th, 2018

Progressive Web Apps

Episode 049

|

Jun 6th, 2018

Potluck EP × SSR × SEO × Tips for Students × Music × Security × GraphQL

Episode 048

|

May 30th, 2018

VS Code Round Two

Episode 047

|

May 23rd, 2018

How to Get Better at Debugging

Episode 046

|

May 16th, 2018

What's New in Javascript

Episode 045

|

May 9th, 2018

Potluck EP × Is Redux Dead × Learning Quickly × Developing Solo × Specialist vs Generalist × Funnest Projects × Wes’ BBQ Course

Episode 044

|

May 2nd, 2018

How to Learn New Things Quickly

Episode 043

|

Apr 25th, 2018

20 JavaScript Array and Object Methods to make you a better developer

Episode 042

|

Apr 18th, 2018

Potluck EP × Vue.js × Headless WP × Typescript & Flow × Productivity × Server Side Rendering × Yeoman

Episode 041

|

Apr 11th, 2018

Preventing and Dealing with Burnout in Web Development

Episode 040

|

Apr 4th, 2018

The Testing Show

Episode 039

|

Mar 28th, 2018

Is jQuery Dead?

Episode 038

|

Mar 21st, 2018

20 Easy Win Performance Tips

Episode 037

|

Mar 14th, 2018

Recording Screencasts - Hardware, Software, Dos and Don'ts

Episode 036

|

Mar 9th, 2018

Hasty Treat — Freelancing Hot Tips 🔥

Episode 035

|

Mar 7th, 2018

Keeping Up with the Codeashians. Dealing with our fast paced industry.

Episode 034

|

Feb 28th, 2018

Why Static Site Generators are Awesome

Episode 033

|

Feb 21st, 2018

Large Files - CDNs, Image Compression, Video Hosting, and Big Zips

Episode 032

|

Feb 14th, 2018

Designing, Templating, Inlining and Sending Email.

Episode 031

|

Feb 7th, 2018

Wes and Scott's Lives - Breakdancing, BBQ, Wives, Work/Life Balance, Problem Solving, YouTube Subscriptions

Episode 030

|

Jan 31st, 2018

Snack Pack — CSS Frameworks, React HOC, Render Props, Coding Designers, Early Career Advice and a sound board!

Episode 029

|

Jan 24th, 2018

Hosting & Servers — Heroku, Now, Galaxy, Digital Ocean, Linode, Docker, Netlify and more!

Episode 028

|

Jan 17th, 2018

Async + Await

Episode 027

|

Jan 10th, 2018

GraphQL? Here is what you need to know!

Episode 026

|

Jan 3rd, 2018

All About Redux && Cookies vs JWT

Episode 025

|

Dec 27th, 2017

Dealing With Email Overload && Prettier Setups

Episode 024

|

Dec 21st, 2017

All About CSS BEM!

Episode 023

|

Dec 13th, 2017

Web Development in 2017 && a look ahead at 2018 🍾🍷

Episode 022

|

Dec 6th, 2017

Failure

Episode 021

|

Nov 29th, 2017

What's New in CSS? Variables, Scoping, New Selectors and Color Functions

Episode 020

|

Nov 22nd, 2017

Fitness, Nutrition, and Losing Weight

Episode 019

|

Nov 15th, 2017

How to get into Speaking At Conferences

Episode 018

|

Nov 8th, 2017

All About CSS Grid

Episode 017

|

Nov 1st, 2017

22 Buzz Words Explained — Mutations, Pure Functions , Serverless, Hoisting, MVC + More

Episode 016

|

Oct 18th, 2017

Tasty Treats — Rems VS Ems, Remote Work, Making Money, Getting good at Design + more! 🍬

Episode 015

|

Oct 11th, 2017

Advice for New Developers, Imposter Syndrome and Interviewing at Google

Episode 014

|

Oct 4th, 2017

Our Stacks Explained

Episode 013

|

Sep 27th, 2017

The Command Line for Web Developers

Episode 012

|

Sep 20th, 2017

Why is everyone switching to VS Code?

Episode 011

|

Sep 13th, 2017

Our favourite Productivity Hacks 🔥

Episode 010

|

Sep 6th, 2017

CSS in JS 💅👩‍🎤💁🚒 (Drama Free!)

Episode 009

|

Aug 30th, 2017

Dang, that's handy! JavaScript Utility Libraries 🛠️

Episode 008

|

Aug 23rd, 2017

Wes Bos Origin Story 🎸💼💻🔥🐷

Episode 007

|

Aug 9th, 2017

Scott Tolinski Origin Story 🎧 📹 💻 🕺

Episode 006

|

Aug 9th, 2017

Accepting Money on the Internet 💰💸

Episode 005

|

Aug 2nd, 2017

How to Slam Dunk Freelancing

Episode 004

|

Jul 25th, 2017

JavaScript Tooling

Episode 003

|

Jul 19th, 2017

CSS Preprocessors and Structuring CSS

Episode 002

|

Jul 12th, 2017

Webcam and audio access with WebRTC and getUserMedia()

Episode 001

|

Jul 5th, 2017

React Tools

Episode 000

|

Jun 27th, 2017

Preview

Jul 8th, 2019

Hasty Treat - Front End Security

👇 Download Show✏️ Edit Show Notes

In this Hasty Treat, Scott and Wes talk about front end security and what to do in order to avoid hacking.

Sentry - Sponsor

If you want to know what's happening with your errors, track them with Sentry. Sentry is open-source error tracking that helps developers monitor and fix crashes in real time. Cut your time on error resolution from five hours to five minutes. It works with any language and integrates with dozens of other services. Syntax listeners can get two months for free by visiting Sentry and using the coupon code "tastytreat".

Show Notes

2:53 - SSL

  • Encrypted transfer of information
  • Digitally binds a cryptographic key to an organization's details
  • Web-cam, geolocation, etc.

6:15 - innerHTML

  • React's dangerouslySetInnerHTML
    • Name intentionally chosen to be frightening
    • Allows you to write HTML to the DOM
    • Data should be sanitized before used in prop
      • Removes unexpected data from string
      • Used to prevent cross site scripting attacks

10:25 - Don't trust the client

  • The client can be manipulated to send any info to your server
  • E-commerce example — don't take the price total from the front end to make the charge, DB call and calculate on the server
  • Validate form inputs via HTML 5 field validation/check data types on the server
    • Don't allow your users to send an object when it should just be a string
    • Get this for free with GraphQL via types

13:41 - PCI Compliance

  • Protect card holder data
    • SSL or Secure iFrame
  • Encrypt transmission of card data
  • Restrict access to card holder data

  • Restrict physical access

    • Front of front-end

    16:44 - Tips

  • Don't put a name on sensitive fields if you are using JS

  • HTTP only cookies
  • Local Storage tokens
  • XSS

Tweet us your tasty treats!