Note: You are receiving this because you have signed up for Nordschool's weekly newsletter. Every Monday, we send out our "Better Code Monday" with 3 frontend coding tips from experienced developers.

Better Code Monday 02/12/19

Good day! 👋

Here are this week's three coding tips:

Tip #1 - Validate it first 🧐


Building data-heavy web apps? Consider using a proper validation library instead of hand-written checks scattered across your components.

My go-to libraries are: 👇🏽
These libraries make your life a lot easier when it comes to validating complex data, and they let you share one validation schema between the places that need it! 👌🏽 Remember that client-side validation is a convenience for the user; the server still has to validate the same data again, which is one more reason a shared schema is handy.

Do you know of other libraries? Reply with your recommendation!

Tip #2 - Polyfills on demand 


Polyfills are a great way to make modern features work in legacy browsers.

But adding polyfills comes at a price. The more polyfills we add, the bigger the bundle gets, and the slower the page loads for everyone, including the browsers that never needed them.

What to do? You can use tools like Webpack to load these polyfills only for the browsers that need them.

You can have conditions in your code that check the browser's User-Agent and, depending on it, lazy-load different polyfills. 😎 Feature detection (checking whether window.fetch exists, say) is more reliable than User-Agent sniffing, since User-Agent strings are easy to spoof and change between releases.

In case you need an easier way of doing that, check out Polyfill.io. Keep in mind that it is a third-party script running on every page, so it carries exactly the risk Tip #3 talks about.
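Here is what "polyfills on demand" looks like in code, using feature detection rather than the User-Agent. This is an added example, not code from the newsletter or from Polyfill.io; the three polyfill package names are assumptions for illustration, and the dynamic import() calls are what a bundler like Webpack turns into separate, lazily fetched chunks.

```javascript
// Added example (not code from the newsletter): decide which polyfills this
// runtime lacks by feature detection, then lazy-load only those.
// The package names are assumptions; use whatever your bundler provides.
// Each load() uses a literal specifier so the bundler can emit one chunk each.
const POLYFILLS = [
  { name: 'fetch',
    missing: (env) => typeof env.fetch !== 'function',
    load: () => import('whatwg-fetch') },
  { name: 'Promise',
    missing: (env) => typeof env.Promise !== 'function',
    load: () => import('promise-polyfill/src/polyfill') },
  { name: 'IntersectionObserver',
    missing: (env) => typeof env.IntersectionObserver !== 'function',
    load: () => import('intersection-observer') },
];

// Names of the polyfills that `env` (normally `window`) needs.
function neededPolyfills(env, polyfills = POLYFILLS) {
  return polyfills.filter((p) => p.missing(env)).map((p) => p.name);
}

// Load only the needed polyfills in parallel; resolves to the names that were
// actually loaded (handy for logging how many users still hit the slow path).
async function loadPolyfills(env = globalThis, polyfills = POLYFILLS) {
  const needed = polyfills.filter((p) => p.missing(env));
  await Promise.all(needed.map((p) => p.load()));
  return needed.map((p) => p.name);
}

// Typical use at start-up, before the rest of the app runs:
//   loadPolyfills().then(() => startApp());
```

Because the checks look at the actual objects in the page, a modern browser with an unusual User-Agent downloads nothing extra, and an old browser gets exactly the chunks it needs and no more.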

Tip #3 - No sensitive data in LocalStorage 🚫


LocalStorage is useful for storing all sorts of (public) strings that we would like to remember about our users. But when it comes to storing sensitive data, LocalStorage isn't that secure. 😲

The main problem with LocalStorage is that it is accessible from JavaScript. Which is great! But it also means that any XSS vulnerability hands its entire contents to the attacker.

"Ok, what if my website is secured against XSS vulnerabilities. I am safe now, right?" - Not really...

Web apps typically run many 3rd-party scripts (analytics, ads, widgets). What happens if one of these 3rd-party scripts gets compromised? 🤔

Well, the attacker's code runs with the same access as your own: it can read LocalStorage and everything your users have stored there. 👀

To minimize the risk, keep session tokens and other secrets in cookies instead. The main difference is that cookies can be set so that they are not accessible from JavaScript at all.

Consider using server-side sessions identified by a cookie, and add the appropriate flags: HttpOnly (not readable via document.cookie), Secure (only sent over HTTPS) and SameSite=Strict (not sent on cross-site requests). One caveat: HttpOnly stops a script from stealing the token, but a script running on your page can still make requests that carry the cookie, so it limits the damage rather than removing it.

OWASP makes the same recommendation in its HTML5 Security Cheat Sheet.

For more details, check out this article.

Testimonials


Have you found this newsletter useful? Share your testimonial! 😊
If you know someone who might find this useful, sharing is appreciated! 👍🏼

That is it folks, wish you a good week & until next time! 👋🏽

Ahmed

If you have been forwarded this email, you are welcome to subscribe here and you will receive next week's tips. 👌🏽
Copyright © 2019 Nordschool, All rights reserved.

