PUBLIC MARKS from mbertier with tag webdev

A Javascript module and CSS file that allows syntax highlighting of source code snippets in an html page.

In this article, we will show you how CSRF and XSS work and how to defend against them. To dispel the myths about these attacks, I will assume the role of a hacker and show how the supposedly harmless injection of tiny bits of HTML can perform amazing things, from stealing the user's identity to a completely transparent rewrite of site content.

The problem at hand is Web Application Building. Thus we are not considering general issues of compute performance, because in Web apps, you don’t do much computing. You get some values from the browser, you use them to pull some info out of a database, you report them to the user, maybe you update the database, and that’s about it.

SWFFix is a project by Geoff Stearns and Bobby van der Sluis with the goal to create a next generation JavaScript library for embedding Flash content.

There’s one aspect of URL design that is often ignored. Good URLs should be unambiguous. By that, I mean that any logical piece of content should have one and only one definitive URL, with any alternatives acting as a permanent redirect.

I’ve had a number of people over the last year or so ask me what good sites are out there for people to learn about web application security.

xmpp4moz is: * A browser connector that provides rich user-to-user communication and interaction to web applications, in real-time and without server hacks. * A family of high-level components to quickly build Mozilla-based applications that communicate via XMPP.

BeEF is the browser exploitation framework. Its purposes in life is to provide an easily integratable framework to demonstrate the impact of browser and cross-site scripting (XSS) issues in real-time.

While working on optimizing page load times for a high-profile AJAX application, I had a chance to investigate how much I could reduce latency due to external objects. Specifically, I looked into how the HTTP client implementation in common browsers and characteristics of common Internet connections affect page load time for pages with many small objects.

Here are the 16 chapters and 91 essays that make up the book.

A List Apart offers hundreds of articles on design, markup, style, accessibility, usability, and more. We’ve selected a few that you might want to start with.

I tested the vast majority of CSS properties and some CSS practices to see how each web based client would react. You will find the results below.

What is the one true path to creating a successful PHP application? Does it exist? Does everyone know what it is? What dangers should I avoid? What works, what doesn’t? Is there a guide that will lead me down this path?

Wiky is a clientside Wiki markup to HTML converter written in javascript. As it is bidirectional, it can convert Wiki markup to HTML and later convert that generated HTML text back to Wiki markup.

Oedipus is an open source web application security analysis and testing suite written in Ruby. It is capable of parsing different types of log files off-line and identifying security vulnerabilities. Using the analyzed information, Oedipus can dynamically test web sites for application and web server vulnerabilities.

Welcome to the Yahoo! Developer Network. We help software developers integrate their Web sites and applications with Yahoo! using standard technologies such as XML and RSS.

Graded Browser Support offers two fundamental ideas: * A broader and more reasonable definition of “support.” * The notion of “grades” of support.

Things to look out for when building a large application.

Solex is a free open source Web application testing tool built as a plug-in for the Eclipse IDE.

Why not replace that cumbersome select box with a scrollable checklist?

Anteater is a testing framework designed around Ant, from the Apache Jakarta Project. It provides an easy way to write tests for checking the functionality of a Web application or of an XML Web service.

This page will help you select the proper character reference (as either a decimal (base 10) integer or in hexadecimal (base 16) format) or entity reference

WebPatterns is a place to discuss, document and collaborate on patterns for web design and development.