Web Dev Matters and Me

Web Development Matters - HTML, XML, C#, .NET, AJAX/Javascript(jQuery), CSS, XML-XSLT

ME - LIFE,Philippines, Tokyo, ECE, PhilNITS/JITSE,情報処理, 日本語

things about Philippines, gaming, C# development and web development, how to make money in stock trading

Web Dev Matters and Me

Javascript is under rated, but powerful

On my way home, I had a chance to talk to a fellow Web Developer working at a bank. She holds web projects of a small IT department of the bank. She is very confident at how she handles server scripts and out of somewhere said, I won't have to worry about all those client side scripts because it will always run at the back end.

While a bit worried, I said that she might haven't heard of XSS(or CSS, cross site scripting). Probably she haven't tried few developments on the wild internet, but actually a small javascript code can override functions, even prevent a server control's default action to a new one, thru Javascript. I agree that, server side validation is powerful, but javascript is like a shoelace, that on a hand of an assassin, can even be deadly.

I have posted an article here about PRC website hacking incident. I believe it was done thru SQL Injection and XSS (by injecting script tag). Reputation of PRC website for google is laced with malicious attempts to download harmful materials.

For those who doesn't acknowledge what Javascript can do. It can even change your web application to post to a remote server and steal informations. That's a good reason to do validation, both client and server side.


FB Connect