731: Client side security, XSS attacks & CSP with Stripe’s Alex Sexton
Syntax - Tasty Web Development Treats16 Helmi 2024

731: Client side security, XSS attacks & CSP with Stripe’s Alex Sexton

Scott and Wes are joined by security expert, Alex Sexton of Stripe to cover all things: client security, XSS, attack vectors, and CSP (content security policy). Show Notes 00:00 Welcome to Syntax! 00:31 Brought to you by Sentry.io. 00:57 Who is Alex Sexton? 04:44 Stripe dashboard is a work of art. 05:08 Tell us about the design system. React Aria 08:59 Who develops the iOS app? 09:50 Stripe’s CSP (content security policy). 12:50 What even is a content security policy? Content Security Policy explanation 13:57 Douglas Crockford of Yahoo on security. Douglas on GitHub 15:13 Security philosophy. 16:59 What about inline styles and inline JavaScript? 19:41 How do we safely set inline styles from JS? 20:20 Setting up with meta tags. 22:52 What are common situations that require security exceptions? 26:24 Potential damage with inline style tags. 32:45 Looping vulnerabilities. 36:32 What about JavaScript injection? 37:09 Myspace Samy Worm. Myspace Samy Worm Wiki Sentry.io Security Policy Reporting 42:02 Does a CSP stop code from running in the console? 43:28 What are some general security best practices? 46:35 Strategies for rolling out a CSP. 51:49 Final tip, Strict Dynamic. Strict Dynamic 56:36 Where does the CSP live within Stripe? Original Black Friday story 59:35 One last story. 01:01:20 Sick Picks + Shameless Plugs Sick Picks + Shameless Plugs Alex: Wes Bos’ Instagram Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott:X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

Jaksot(988)

956: Should I Keep Using WordPress?

956: Should I Keep Using WordPress?

In this potluck episode, Wes and Scott answer your questions about paid vs. free SSL, the state of frontend jobs, headless WordPress trade-offs, organizing TypeScript types, and more! Show Notes ...

19 Marras 202550min

955: SvelteKit has solved data loading

955: SvelteKit has solved data loading

Scott and Wes break down SvelteKit’s new remote functions and why they finally solve the long-standing pain of page-level data in Svelte. They cover queries, forms, batching, caching, and all the clev...

17 Marras 202536min

954: Fullstack TanStack! The Scoop with Tanner Linsley

954: Fullstack TanStack! The Scoop with Tanner Linsley

Live from GitHub Universe, Wes and Scott talk with Tanner Linsley about the latest from TanStack, including TanStack DB’s local-first syncing, new routing ideas, and fresh perspectives on server compo...

12 Marras 202518min

953: Why v0 creator left Vercel to fix GitHub (GOAT Jared Palmer)

953: Why v0 creator left Vercel to fix GitHub (GOAT Jared Palmer)

Scott and Wes sit down with Jared Palmer of GitHub (formerly of Vercel) to unpack all the biggest announcements from GitHub Universe 2025. They dive into the future of developer workflows with agents,...

10 Marras 202516min

952: VS Code, GitHub & Copilot - UNIVERSE 25 Announcements + Reactions

952: VS Code, GitHub & Copilot - UNIVERSE 25 Announcements + Reactions

Live from GitHub Universe, Wes, Scott, and CJ talk about the latest AI and developer tools from GitHub, including Agent HQ, Copilot integrations, and the new mission control for agents. They also shar...

5 Marras 202535min

951: A first look at Remix 3

951: A first look at Remix 3

Scott and Wes dive into Remix 3, exploring how it embraces native web standards like Events, Signals, and Streams to become a truly full-stack framework. They unpack what “LLM-ready,” thin APIs, and a...

3 Marras 202547min

950: Even SCARIER Web Dev Nightmares (Spooky Stories Pt. 2)

950: Even SCARIER Web Dev Nightmares (Spooky Stories Pt. 2)

In part 2 of this year’s Spooky Stories special, Wes and Scott discuss the most chilling developer horror stories—from six-month-old unprocessed donations and runaway dog-food orders to vanishing data...

29 Loka 202557min

949: Web Dev HORROR Stories + Spooky Trivia! (Spooky Stories Pt. 1)

949: Web Dev HORROR Stories + Spooky Trivia! (Spooky Stories Pt. 1)

It’s that time of year again, Scott (as Dracula) and Wes (as a big bad shark) return for their annual Spooky Stories special! They’re joined by a mysterious guest for a round of creepy coding trivia a...

27 Loka 202540min

Suosittua kategoriassa Politiikka ja uutiset

uutiscast
aikalisa
ootsa-kuullut-tasta-2
politiikan-puskaradio
rss-ootsa-kuullut-tasta
rss-vaalirankkurit-podcast
tervo-halme
viisupodi
rss-podme-livebox
et-sa-noin-voi-sanoo-esittaa
rss-asiastudio
otetaan-yhdet
rikosmyytit
the-ulkopolitist
rss-girls-finish-f1rst
rss-raha-talous-ja-politiikka
radio-antro
rss-kaikki-uusiksi
linda-maria
rss-sinivalkoinen-islam