Javascript is under rated, but powerful

On my way home, I had a chance to talk to a fellow Web Developer working at a bank. She holds web projects of a small IT department of the bank. She is very confident at how she handles server scripts and out of somewhere said, I won't have to worry about all those client side scripts because it will always run at the back end.

While a bit worried, I said that she might haven't heard of XSS(or CSS, cross site scripting). Probably she haven't tried few developments on the wild internet, but actually a small javascript code can override functions, even prevent a server control's default action to a new one, thru Javascript. I agree that, server side validation is powerful, but javascript is like a shoelace, that on a hand of an assassin, can even be deadly.

I have posted an article here about PRC website hacking incident. I believe it was done thru SQL Injection and XSS (by injecting script tag). Reputation of PRC website for google is laced with malicious attempts to download harmful materials.

For those who doesn't acknowledge what Javascript can do. It can even change your web application to post to a remote server and steal informations. That's a good reason to do validation, both client and server side.

T4 in ASP.NET MVC 2

One of the dilemmas I had with ASP.NET development is that, ASP.NET  render server controls their own way, stuffs like Gridviews, Radio button list, Check box list, etc. Sure it does the work and saves time, but not long enough, until future changes are considered. Also, flexibility in manipulating front-end things (CSS) would be hard, without altering the markup, adding classes or ids, etc...

I really liked ASP.NET server controls and data binding. Those made my life easy, but because of poor rendering technique, it is a disappointment (at least for me) to see that my markups are rendered poorly and non-standard compliant. (i never imagined stuffing things sandwiched by a span tag).

good thing, there is a nice feature for ASP.NET MVC that prevents me from, seemingly re-invent the wheel (i hate re-writing custom server controls when all it needs is some mark-up changes). Code Templates T4 (Text Template Transformation Toolkit) will make rendering easy and gives you full control on the mark-up.

these T4 is a format that expresses how a model will be rendered. So if you got a lot of datas to be displayed, it doesn't necessarily mean to render it as a table or nest controls inside span, etc...

So, once you got a View, just specify a T4 template that it will use for the model datas that it will display, and there you got it, a web application that implements a separation of concern, front end developers just deal with their CSS and javascripts.