Roger Vandawalker

Front End Developer

How to Remove Broken Placeholders When Images Don’t Load

Images that don’t load can sometimes leave an ugly red [X] placeholder. This jQuery snippet will remove all instances of images that don’t load. It even takes into account that IE will only produce a single error for each unique src attribute.

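$('img').on('error', function () {
    // Compare src values directly instead of building a selector from them,
    // so a src containing quotes cannot break the selector.
    var src = $(this).attr('src');
    $('img').filter(function () { return $(this).attr('src') === src; }).remove();
});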

It’s safer to completely remove the broken image from the DOM as the display and visibility CSS properties work inconsistently across browsers.

What other tips or tricks for graceful erroring out can you share?

James Wood

Programmer

Sandbox Security in ColdFusion 8

There are certain tags that by default are enabled in ColdFusion that I am never going to use and are a security risk. With this in mind I wanted to disable these CF Tags in a ColdFusion enterprise environment.

We have done this before in the ColdFusion Standard edition and it is quite straightforward. So I went ahead and enabled Sandbox Security in a specific CF instance. One of the differences in the Enterprise edition is that you can name specific directories and define specific permissions for them. So you can have different permissions on different instances.

I added the directory of the site for which I wanted to disable cfexecute and then disabled the cfexecute tag. I was prompted to restart the CF instance and then went to my site. I got an error. I went to CF administrator to change the settings back and it wouldn’t respond! What the…?

Having played around with the guts of ColdFusion and its settings, I knew that I could revert the Sandbox Security by changing the xml file. That file is called neo-security.xml in the \WEB-INF\cfusion\lib folder of the instance that I was updating.

So, what next?


Wesley Harris

Software Tester

Fix Your Fat Fingers With Gti, a Git Launcher

Find yourself typing gti when you mean to type git? No biggie, because by now you’ve already set up an alias in your Bash profile.

But while that is a very elegant and Unix-y solution, it is woefully lacking in ASCII art. The solution you were actually looking for is gti.

Inspired by sl, gti runs an appropriate animation before passing its parameters along to git for you.

But I won’t ruin it for you. You’ll have to install it. Luckily a package is waiting in Homebrew for you Apple fanbois:

brew install gti

I didn’t look, but there’s probably a package for your *nix of choice. If not, the code is all of 100 lines long. I’ll bet you can make && make install, my man.

For Windows users, you should install Ubuntu ;)

What do you all think? Is gti a great tool?

Wesley Harris

Software Tester

ColdFusion xmlFormat, maxlength, and column size

Any user input that is reflected back to users in a web application is a potential vector for cross-site scripting and similar code injection attacks by marauding nasties. One way to thwart these reprobates is to encode special characters in the user input before saving or displaying it. And in ColdFusion, xmlFormat is available to help with that.

It’s also good practice to enforce maxlengths on user input. But if we allow special characters and then sanitize them with xmlFormat, the maxlength on the text field will no longer match the size of the string that we then need to store.

That’s because those special characters will be escaped. An apostrophe uses one character when the user inputs it but 6 when it has been escaped:

&apos;

How do we calculate the column size to store our expanding string?

Easy. The longest escapes produced by xmlFormat are &apos; and the ASCII characters 128 to 255, which also take six characters (e.g. É becomes &#xc9;). So the column size is simply (maxlength * 6).

If we are enforcing a maxlength of 50 characters on the text field, then the longest string we need to store in the database will be 300 characters.

NOTE: Calculating the column size doesn’t mean you don’t have to catch and handle truncated data errors! Just because you enforce a maxlength via HTML doesn’t stop evildoers posting parameters of arbitrary length to your application. The first thing an attacker will do is reconnaissance on your application, which means fuzzing those parameters until it breaks. With luck, the platform or a web application firewall will be there to keep errors from leaking juicy info about the app, but let’s not rely on it. It pays to be a little paranoid.

Besides, handling errors gracefully is a hallmark of elegant code. We all prefer elegant code to ugly hacks, right?
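
The server-side check and error handling described in the note above, as an added example that is not part of the original post. The function name encodeForStorage, the form field form.comment, the datasource appDSN, the table comments and the log file name are hypothetical; the 50-character limit and the (maxlength * 6) column size come from the post.

```cfml
<!--- Added example. Hypothetical names: encodeForStorage, form.comment,
      datasource "appDSN", table "comments", log file "commentErrors". --->
<cffunction name="encodeForStorage" returntype="string" output="false">
    <cfargument name="input" type="string" required="true">
    <cfargument name="maxLength" type="numeric" required="true">
    <!--- Check the raw length on the server: the HTML maxlength attribute
          is only enforced by well-behaved browsers. --->
    <cfif len(arguments.input) GT arguments.maxLength>
        <cfthrow type="Validation.TooLong"
                 message="Input exceeds #arguments.maxLength# characters.">
    </cfif>
    <!--- Each input character expands to at most six after escaping. --->
    <cfreturn xmlFormat(arguments.input)>
</cffunction>

<cfparam name="form.comment" default="">
<cfset maxLength = 50>
<cfset errorMessage = "">

<cftry>
    <cfset encoded = encodeForStorage(form.comment, maxLength)>
    <!--- cfqueryparam's maxlength is a second guard, sized to the column:
          50 * 6 = 300. --->
    <cfquery datasource="appDSN">
        INSERT INTO comments (body)
        VALUES (
            <cfqueryparam value="#encoded#" cfsqltype="cf_sql_varchar"
                          maxlength="#maxLength * 6#">
        )
    </cfquery>
    <cfcatch type="Validation.TooLong">
        <!--- Tell the user what to fix, nothing about the schema. --->
        <cfset errorMessage = "Your comment is too long.">
    </cfcatch>
    <cfcatch type="any">
        <!--- Keep the detail in the server log, not in the response. --->
        <cflog file="commentErrors" type="error"
               text="Comment insert failed: #cfcatch.message#">
        <cfset errorMessage = "We could not save your comment.">
    </cfcatch>
</cftry>
```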

Liz Norton

Programmer

Essential Chrome Web Dev Extensions

Everyone has different preferences for browsers and plug-ins when working. My current favorite set-up is Google Chrome with the following extensions installed.
Here’s what I use and why:
  • Adblock Plus – My favorite ad blocking program/plug-in. I’ve used this across multiple browsers and platforms. It’s easy to use and helps cut down on ads competing for my attention when I am searching for solutions and examples on the interwebs.
  • Firebug Lite – A great code inspection tool that I like to use in conjunction with Chrome’s built-in inspector. Chrome’s inspector has more functionality than Firebug Lite, but I still prefer Firebug Lite’s method of inspecting individual page elements.
  • JSONView – Ever tried reading a block of non-formatted JSON? It’s not pretty. Fellow developer Craig saved my life (or at least my eyesight) one day when he told me to go install the JSONView extension by gildas. Now reading JSON is 1000% better.
  • LastPass – A fantastic password manager integrated into your browser of choice. It allows me to easily pre-populate log ins and forms when I am working on a project in a secure manner. I have to log in with my credentials before the extension will retrieve username and password information, and once I log out, no one else can get to my stored log ins.
  • Web Developer – Select colors from the screen. Measure page elements. Display form elements and values. Outline tables and divs and spans. Display print styles. The list of amazingly useful things that the Web Developer extension can do goes on and on. If I could have only one extension for Chrome, it would be Web Developer. Hands down.

What extensions do you find essential?