--- Log opened Mon Mar 18 00:00:17 2019 |
00:26 | | Emmy [Emmy@Nightstar-9p7hb1.direct-adsl.nl] has joined #code |
00:41 | | Emmy [Emmy@Nightstar-9p7hb1.direct-adsl.nl] has quit [Connection reset by peer] |
01:33 | | Derakon[AFK] is now known as Derakon |
03:28 | | Callidus [Callidus@Nightstar-pc7srk.cable.rogers.com] has joined #code |
03:57 | | Derakon is now known as Derakon[AFK |
03:57 | | Derakon[AFK is now known as Derakon[AFK] |
04:14 | | Vorntastic [uid293981@Nightstar-6br85t.irccloud.com] has joined #code |
04:14 | | mode/#code [+qo Vorntastic Vorntastic] by ChanServ |
06:25 | | Degi [Degi@Nightstar-rgj2h5.dyn.telefonica.de] has joined #code |
06:45 | | Degi [Degi@Nightstar-rgj2h5.dyn.telefonica.de] has quit [Connection closed] |
08:24 | | gnolam [lenin@Nightstar-ghphrt.cust.bahnhof.se] has quit [[NS] Quit: Gone] |
09:41 | | Callidus [Callidus@Nightstar-pc7srk.cable.rogers.com] has quit [[NS] Quit: have fun!] |
11:52 | | * TheWatcher headdesks |
11:53 | <@TheWatcher> | "Is it okay if I do these security checks in javascript on the client side?" |
11:53 | <@TheWatcher> | No. No it fucking isn't. |
11:54 | <&[R]> | Actually it is... if they're also for absolutely sure done on the server side |
11:55 | <&[R]> | Faster UI and all that |
11:55 | <@TheWatcher> | No, he's wanting to do them /only/ on the client side |
11:55 | <&[R]> | Yeah, fuck him with a dildo made of molten shards of glass |
11:57 | <&[R]> | I actually had an audit where the pentester was all "I got XSS execution on your site!" |
11:58 | <&[R]> | Issue was the JS would just display him exactly what he put in, and send that straight to the server. Server would properly break the string and encode it so it'd show up as text rather than HTML and get loaded when someone looks at it. |
11:58 | <&[R]> | Spent a few hours trying to explain that |
12:00 | <&[R]> | "No, you didn't exploit anything, I'd actually have to change the UI library's code to fix that properly." |
12:01 | <&[R]> | Boss is then "why don't you just appease him and do a quick fix?" "Because a quick fix means encoding on the JS side... which the server would encode again, making things look like ass." "Then stop doing it on the server side." "wat." |
12:05 | | * TheWatcher facepalm |
12:12 | <&[R]> | Same guy that wanted to eventually expand to a million menu items and didn't see a problem with each menu item causing PHP to generate 1kB of JS |
12:22 | | You're now known as TheWatcher[d00m] |
12:32 | | * simon_ got 27" monitors last week. they're great! |
12:33 | < simon_> | [R], when talking to our UX Specialists, I constantly feel a need to have a "Why X is a bad idea, authored by Y (where Y != me)" page to link to. |
12:36 | | celticminstrel is now known as celmin|away |
12:37 | < simon_> | we're redesigning a personality test, and the UX Specialist wants left and right arrows to pick between the two presented choices. I say that's a bad idea, because it hijacks browser behavior. he suggests we have an option to "go to previous question". I ask him if that's like the back button. he says yes, but with more, because it should let you go back to any previous question (listed). I ask him if that's |
12:37 | < simon_> | like right-clicking the back button in chrome. "You can do that?" he says. some UX Specialist. |
12:38 | < simon_> | moral of the story: if UX specialist isn't aware of browser feature, 1) nobody else is, and 2) don't implement it. |
12:39 | <&[R]> | There's also the situation where the "specialist" is in way over their head |
12:40 | < simon_> | I just wish they wouldn't re-invent browser features. this was done. the experience was made. blog posts were written. |
12:40 | <&[R]> | D: |
12:40 | <@TheWatcher[d00m]> | simon_: lots of people here don't know the chrome reload button gets special right-click options when the inspector is open, too. |
12:40 | < simon_> | TheWatcher[d00m], I didn't know that either. |
12:41 | <&[R]> | Nor did I |
12:41 | < simon_> | woot! |
12:41 | <@TheWatcher[d00m]> | Can be useful! |
12:41 | < simon_> | at least Firefox has a dropdown arrow next to the back button. I guess Chrome devs decided not enough people used that feature. |
12:51 | | Degi [Degi@Nightstar-rgj2h5.dyn.telefonica.de] has joined #code |
13:03 | | You're now known as TheWatcher |
13:16 | <&ToxicFrog> | simon_: press and hold on the back button in chrome |
14:22 | | Vornicus [Vorn@ServerAdministrator.Nightstar.Net] has joined #code |
14:22 | | mode/#code [+qo Vornicus Vornicus] by ChanServ |
15:29 | | Degi [Degi@Nightstar-rgj2h5.dyn.telefonica.de] has quit [Connection closed] |
16:14 | | Vorntastic [uid293981@Nightstar-6br85t.irccloud.com] has quit [[NS] Quit: Connection closed for inactivity] |
16:21 | | Vornicus [Vorn@ServerAdministrator.Nightstar.Net] has quit [Ping timeout: 121 seconds] |
16:45 | | Emmy [Emmy@Nightstar-9p7hb1.direct-adsl.nl] has joined #code |
17:47 | | Vornicus [Vorn@ServerAdministrator.Nightstar.Net] has joined #code |
17:47 | | mode/#code [+qo Vornicus Vornicus] by ChanServ |
17:51 | | gnolam [quassel@Nightstar-vlegqp.dynamic.monzoon.net] has joined #code |
17:51 | | mode/#code [+o gnolam] by ChanServ |
18:02 | <&jeroud> | I always use press-and-hold in Chrome. |
18:33 | | Vorntastic [uid293981@Nightstar-6br85t.irccloud.com] has joined #code |
18:33 | | mode/#code [+qo Vorntastic Vorntastic] by ChanServ |
18:58 | | gnolam [quassel@Nightstar-vlegqp.dynamic.monzoon.net] has quit [[NS] Quit: http://quassel-irc.org - Chat comfortably. Anywhere.] |
19:19 | | Degi [Degi@Nightstar-rgj2h5.dyn.telefonica.de] has joined #code |
19:48 | | Kindamoody is now known as Kindamoody|afk |
20:31 | | McMartin [mcmartin@Nightstar-rpcdbf.sntcca.sbcglobal.net] has quit [Operation timed out] |
20:31 | | McMartin [mcmartin@Nightstar-rpcdbf.sntcca.sbcglobal.net] has joined #code |
20:31 | | mode/#code [+ao McMartin McMartin] by ChanServ |
21:30 | | Marjo [NSkiwiirc@Nightstar-ovsd69.cust.a3fiber.se] has joined #code |
22:24 | | Vorntastic [uid293981@Nightstar-6br85t.irccloud.com] has quit [[NS] Quit: Connection closed for inactivity] |
22:29 | | Vornicus [Vorn@ServerAdministrator.Nightstar.Net] has quit [Connection closed] |
23:00 | | Emmy [Emmy@Nightstar-9p7hb1.direct-adsl.nl] has quit [Ping timeout: 121 seconds] |
23:06 | | Kindamoody|afk is now known as Kindamoody |
23:11 | | Degi [Degi@Nightstar-rgj2h5.dyn.telefonica.de] has quit [Connection closed] |
23:36 | | Callidus [Callidus@Nightstar-pc7srk.cable.rogers.com] has joined #code |
--- Log closed Tue Mar 19 00:00:19 2019 |