731: Client side security, XSS attacks & CSP with Stripe’s Alex Sexton

Scott and Wes are joined by security expert Alex Sexton of Stripe to cover all things client security: XSS, attack vectors, and CSP (Content Security Policy).

Show Notes

00:00 Welcome to Syntax!
00:31 Brought to you by Sentry.io.
00:57 Who is Alex Sexton?
04:44 Stripe dashboard is a work of art.
05:08 Tell us about the design system. (Link: React Aria)
08:59 Who develops the iOS app?
09:50 Stripe’s CSP (Content Security Policy).
12:50 What even is a content security policy? (Link: Content Security Policy explanation)
13:57 Douglas Crockford of Yahoo on security. (Link: Douglas on GitHub)
15:13 Security philosophy.
16:59 What about inline styles and inline JavaScript?
19:41 How do we safely set inline styles from JS?
20:20 Setting up with meta tags.
22:52 What are common situations that require security exceptions?
26:24 Potential damage with inline style tags.
32:45 Looping vulnerabilities.
36:32 What about JavaScript injection?
37:09 Myspace Samy Worm. (Links: Myspace Samy Worm Wiki, Sentry.io Security Policy Reporting)
42:02 Does a CSP stop code from running in the console?
43:28 What are some general security best practices?
46:35 Strategies for rolling out a CSP.
51:49 Final tip: Strict Dynamic. (Link: Strict Dynamic)
56:36 Where does the CSP live within Stripe? (Link: Original Black Friday story)
59:35 One last story.
01:01:20 Sick Picks + Shameless Plugs

Sick Picks + Shameless Plugs
Alex: Wes Bos’ Instagram

Episodes (1000)

976: Pi - The AI Harness That Powers OpenClaw W/ Armin Ronacher & Mario Zechner

Wes and Scott talk with Armin Ronacher and Mario Zechner about PI, a minimalist agent harness powering tools like OpenClaw. They unpack why Bash is “all you need,” the risks of agents, workflow adapta...

4 Feb 57min

975: What’s Missing From the Web Platform?

Scott and Wes run through their wishlist for the web platform, digging into the UI primitives, DOM APIs, and browser features they wish existed (or didn’t suck). From better form controls and drag-and...

2 Feb 50min

974: Clawdbot (Moltbot), Agents and the Age of Personal Software

Wes and Scott talk about building hyper-specific personal software with AI. They explore personal agents, home automation, JSON-as-a-database, and how LLMs unlock fast, custom apps that reduce frictio...

28 Jan 46min

973: The Web’s Next Form: MCP UI (with Kent C. Dodds)

Scott and Wes sit down with Kent C. Dodds to break down MCP, context engineering, and what it really takes to build effective AI-powered tools. They dig into practical examples, UI patterns, performan...

26 Jan 48min

972: These Things Make Your App Feel Like Crap on Mobile

Wes and Scott talk about why mobile web apps often feel “janky” compared to native—and how to fix it. They cover input zooming, accidental horizontal scroll, pointer/user-select quirks, frame rate con...

21 Jan 38min

971: Stackoverflow and Firefox are Dead?

Is Stack Overflow actually dying, and what does that mean in an AI-driven dev world? Scott and Wes break down the latest web dev news, from Firefox’s AI crossroads and Apple’s browser engine changes t...

19 Jan 46min

970: Why Did Anthropic Buy Bun?

Wes and Scott answer your questions about whether Git GUIs beat the terminal, balancing accessibility with experimental web projects, blocking malicious traffic, smart home setups, why Anthropic bough...

14 Jan 45min

969: This guy is nuts (TypeScript Doom)

Scott and Wes sit down with Dimitri Mitropoulos to explore the wild edges of TypeScript—from running Doom in the type system to building tools like Typeslayer. They dig into Turing-complete types, per...

12 Jan 55min
