Simon Willison’s Weblog

6 items tagged “jeffatwood”

Coding Horror: Protecting Your Cookies: HttpOnly. Jeff Atwood discovers the hard way that writing an HTML sanitizer is significantly harder than you would think. HttpOnly cookies aren’t the solution though: they’re potentially useful as part of a defense in depth strategy, but fundamentally if you have an XSS hole you’re going to get 0wned, HttpOnly cookies or not. Auto-escape everything on output and be extremely cautious with things like HTML sanitizers. 0 29th August 2008, 2:01 am

The fatal flaw of deletionism is the mindset of deciding what someone else *should* find interesting

Jeff Atwood 0 16th June 2008, 8:23 am

Is It OK to Require JavaScript? Not if you can avoid doing so. Unobtrusive JavaScript really isn’t hard if you design it in from the start, and since stackoverflow is a community forum / questions and answers site I have trouble imagining a feature that can’t be made to work without JavaScript. 8 10th June 2008, 6:41 am

Size Is The Enemy. Jeff Atwood: “I’ve started a cottage industry mining Steve [Yegge]’s insanely great but I-hope-you-have-an-hour-to-kill writing and condensing it into its shorter form points.” Lots of verbose static typing apologists in the comments. 0 24th December 2007, 10:50 am

A Visual Explanation of SQL Joins. It turns out Venn diagrams are an excellent way of illustrating joins. 2 12th October 2007, 9:42 am

[...] I’m a fan of the virtual machine future. We should treat our operating system like a roll of paper towels. If you get something on it you don’t like, you ball it up and throw it away, and rip off a new, fresh one.

Jeff Atwood 0 2nd March 2007, 10:21 am