731: Client side security, XSS attacks & CSP with Stripe’s Alex Sexton
Syntax - Tasty Web Development Treats16 Feb 2024

731: Client side security, XSS attacks & CSP with Stripe’s Alex Sexton

Scott and Wes are joined by security expert, Alex Sexton of Stripe to cover all things: client security, XSS, attack vectors, and CSP (content security policy). Show Notes 00:00 Welcome to Syntax! 00:31 Brought to you by Sentry.io. 00:57 Who is Alex Sexton? 04:44 Stripe dashboard is a work of art. 05:08 Tell us about the design system. React Aria 08:59 Who develops the iOS app? 09:50 Stripe’s CSP (content security policy). 12:50 What even is a content security policy? Content Security Policy explanation 13:57 Douglas Crockford of Yahoo on security. Douglas on GitHub 15:13 Security philosophy. 16:59 What about inline styles and inline JavaScript? 19:41 How do we safely set inline styles from JS? 20:20 Setting up with meta tags. 22:52 What are common situations that require security exceptions? 26:24 Potential damage with inline style tags. 32:45 Looping vulnerabilities. 36:32 What about JavaScript injection? 37:09 Myspace Samy Worm. Myspace Samy Worm Wiki Sentry.io Security Policy Reporting 42:02 Does a CSP stop code from running in the console? 43:28 What are some general security best practices? 46:35 Strategies for rolling out a CSP. 51:49 Final tip, Strict Dynamic. Strict Dynamic 56:36 Where does the CSP live within Stripe? Original Black Friday story 59:35 One last story. 01:01:20 Sick Picks + Shameless Plugs Sick Picks + Shameless Plugs Alex: Wes Bos’ Instagram Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott:X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

Avsnitt(986)

978: Should A New Coder Use AI?

978: Should A New Coder Use AI?

Wes and Scott answer your questions about AI agents, learning to code with AI, pagination patterns, skilling up from outdated tech stacks, balancing side projects with family life, real-world hacking ...

11 Feb 1h 2min

977: We built a CSS Challenge platform

977: We built a CSS Challenge platform

Scott and Wes break down how they built SynHax, the real-time CSS Battle app powering the upcoming Mad CSS tournament. From SvelteKit and Zero to diffing algorithms, sync conflicts, and a last-minute ...

9 Feb 41min

976: Pi - The AI Harness That Powers OpenClaw W/ Armin Ronacher & Mario Zechner

976: Pi - The AI Harness That Powers OpenClaw W/ Armin Ronacher & Mario Zechner

Wes and Scott talk with Armin Ronacher and Mario Zechner about PI, a minimalist agent harness powering tools like OpenClaw. They unpack why Bash is “all you need,” the risks of agents, workflow adapta...

4 Feb 57min

975: What’s Missing From the Web Platform?

975: What’s Missing From the Web Platform?

Scott and Wes run through their wishlist for the web platform, digging into the UI primitives, DOM APIs, and browser features they wish existed (or didn’t suck). From better form controls and drag-and...

2 Feb 50min

974: Clawdbot (Moltbot), Agents and the Age of Personal Software

974: Clawdbot (Moltbot), Agents and the Age of Personal Software

Wes and Scott talk about building hyper-specific personal software with AI. They explore personal agents, home automation, JSON-as-a-database, and how LLMs unlock fast, custom apps that reduce frictio...

28 Jan 46min

973: The Web’s Next Form: MCP UI (with Kent C. Dodds)

973: The Web’s Next Form: MCP UI (with Kent C. Dodds)

Scott and Wes sit down with Kent C. Dodds to break down MCP, context engineering, and what it really takes to build effective AI-powered tools. They dig into practical examples, UI patterns, performan...

26 Jan 48min

972: These Things Make Your App Feel Like Crap on Mobile

972: These Things Make Your App Feel Like Crap on Mobile

Wes and Scott talk about why mobile web apps often feel “janky” compared to native—and how to fix it. They cover input zooming, accidental horizontal scroll, pointer/user-select quirks, frame rate con...

21 Jan 38min

971: Stackoverflow and Firefox are Dead?

971: Stackoverflow and Firefox are Dead?

Is Stack Overflow actually dying, and what does that mean in an AI-driven dev world? Scott and Wes break down the latest web dev news, from Firefox’s AI crossroads and Apple’s browser engine changes t...

19 Jan 46min

Populärt inom Politik & nyheter

svenska-fall
aftonbladet-krim
p3-krim
rss-krimstad
fordomspodden
rss-expressen-dok
flashback-forever
motiv
aftonbladet-daily
rss-sanning-konsekvens
spar
blenda-2
rss-vad-fan-hande
olyckan-inifran
svd-ledarredaktionen
rss-krimreportrarna
rss-frandfors-horna
dagens-eko
rss-flodet
kungligt