Is It Too Late To Change JSON?

json security

In my last post, I wrote about the hijacking of JSON arrays. Near the end of the post, I mentioned a comment whereby someone suggests that what really should happen is that browsers should be more strict about honoring content types and not execute code with the content type of application/json.


JSON Hijacking

security json

A while back I wrote about a subtle JSON vulnerability which could result in the disclosure of sensitive information. That particular exploit involved overriding the JavaScript Array constructor to disclose the payload of a JSON array, something which most browsers do not support now.


And Get Rid Of Those Pesky Programmers

code

Every now and then some email or website comes along promising to prove Fred Brooks wrong about this crazy idea he wrote in The Mythical Man Month (highly recommended reading!) that there is no silver bullet which by itself will provide a tenfold improvement in productivity, reliability, and simplicity within a decade.


ASP.NET MVC Installer For Visual Studio 2010 Beta 1 And Roadmap

aspnetmvc

A little while ago I announced our plans for ASP.NET MVC as it relates to Visual Studio 2010. ASP.NET MVC wasn’t included as part of Beta 1, which raised a few concerns by some (if not conspiracy theories!) ;). The reason for this was simple as I pointed out:


An Alternative Approach To Strongly Typed Helpers

aspnetmvc

One of the features contained in the MVC Futures project is the ability to generate action links in a strongly typed fashion using expressions. For example:


Writing A Page To A String

aspnetmvc

ASP.NET Pages are designed to stream their output directly to a response stream. This can be a huge performance benefit for large pages as it doesn’t require buffering and allocating very large strings before rendering. Allocating large strings can put them on the Large Object Heap which means they’ll be sticking around for a while.


A Fright on Mt Si

personal

Being that it’s a glorious Memorial Day Weekend up here in the Northwest, my co-worker Eilon (developer lead for ASP.NET MVC) and I decided to go on a hike to Mt Si where we had a bit of a scary moment.


ASP.NET MVC For Visual Studio 2010 Beta 1

This post is now outdated


Donut Hole Caching in ASP.NET MVC

A while back, I wrote about Donut Caching in ASP.NET MVC for the scenario where you want to cache an entire view except for a small bit of it. The more technical term for this technique is probably “cache substitution” as it makes use of the Response.WriteSubstitution method, but I think “Donut Caching” really describes it well — you want to cache everything but the hole in the middle.


I am a Web Developer At Heart

webdev

A while back a young developer emailed me asking for advice on what it takes to become a successful developer. I started to respond,


Put Your Pages and Views on Lockdown

As I’m sure you know, we developers are very particular people and we like to have things exactly our way. How else can you explain long winded impassioned debates over curly brace placement


ASP.NET MVC NerdDinner Walkthrough

aspnetmvc

At long last, the book that I worked on with Scott Hanselman, Rob Conery, and Scott Guthrie is in stock at Amazon.com.


Scripting ASP.NET MVC Views Stored In The Database

Say you’re building a web application and you want, against your better judgment perhaps, to allow end users to easily customize the look and feel – a common scenario within a blog engine or any hosted application.


Next Stop, Norway!

conferences

Because of all the travel I did last year as well as the impending new addition to the family this year, I drastically cut down on my travel this year. There are only two conferences outside of Redmond I planned to speak at, one was Mix (see the links to videos of my talks) and the next one is the Norwegian Developer Conference also known as the NDC.


Code Sample Taxonomy

code

What responsibility do we have as software professionals when we post code out there for public consumption?


Using jQuery Grid With ASP.NET MVC

code aspnetmvc

Tim Davis posted an updated version of this solution on his blog. His includes the following:


My Little World Domination Backup

Every good developer knows to always have a backup. For example, over two years ago, I announced my world domination plans. But there was a single point of failure in me putting all my world domination plans on the tiny shoulders of just one progeny. My boy needs a partner in crime.


TipJar: Title Tags and Master Pages

There are a couple of peculiarities worth understanding when dealing with title tags and master pages within Web Forms and ASP.NET MVC. These assume you are using the HtmlHead control, aka <head runat="server" />.


CSRF Attacks and Web Forms

In my last blog post, I walked step by step through a Cross-site request forgery (CSRF) attack against an ASP.NET MVC web application. This attack is the result of how browsers handle cookies and cross domain form posts and is not specific to any one web platform. Many web platforms thus include their own mitigations to the problem.


Anatomy of a Cross-site Request Forgery Attack

A Cross-site request forgery attack, also known as CSRF or XSRF (pronounced sea-surf) is the less well known, but equally dangerous, cousin of the Cross Site Scripting (XSS) attack. Yeah, they come from a rough family.
