Showing posts from 2008

Interesting findings on CSRF (cross site request forgery)

Found an interesting use case where orkut has missed out CSRF rules. Log in to orkut as User1. Update the status as

    <a href="/GLogin.aspx?cmd=logout">its good!</a>

Log in as User2. Go to User1's profile home and click on the status; you will be successfully logged out. :) Should orkut not support anchor tags in its status?
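
As an added example (not from the original post and not orkut's code), the JavaScript below shows two server-side checks that stop the status link above from working: the status text is HTML-encoded on output, and logout is accepted only as a POST carrying a per-session token. The function names, the session object and the request shape are assumptions made for illustration.

```javascript
// Added example with hypothetical names; not orkut's implementation.
const crypto = require("crypto");

// Encode user-supplied status text so markup such as <a href=...> is displayed, not rendered.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Issue an unguessable token bound to one session (the session is a plain object here).
function issueCsrfToken(session) {
  session.csrfToken = crypto.randomBytes(32).toString("hex");
  return session.csrfToken;
}

// Constant-time comparison; a length mismatch is rejected before timingSafeEqual runs.
function tokenMatches(session, supplied) {
  if (typeof supplied !== "string" || typeof session.csrfToken !== "string") return false;
  const a = Buffer.from(session.csrfToken);
  const b = Buffer.from(supplied);
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Logout changes state, so a followed link (a GET request) must never trigger it.
// The link in the status is same-site, so only the method check and the token stop it.
function handleLogout(req, session) {
  if (req.method !== "POST") return { status: 405, loggedIn: session.loggedIn };
  if (!tokenMatches(session, req.body && req.body.csrfToken)) {
    return { status: 403, loggedIn: session.loggedIn };
  }
  session.loggedIn = false;
  delete session.csrfToken;
  return { status: 200, loggedIn: false };
}

// Constructed input: the status text from the post above.
const STATUS = '<a href="/GLogin.aspx?cmd=logout">its good!</a>';

function demo() {
  const user2 = { loggedIn: true };
  const token = issueCsrfToken(user2);
  return {
    rendered: escapeHtml(STATUS),
    clickedLink: handleLogout({ method: "GET" }, user2).status,
    forgedPost: handleLogout({ method: "POST", body: { csrfToken: "guess" } }, user2).status,
    realLogout: handleLogout({ method: "POST", body: { csrfToken: token } }, user2).status,
  };
}
```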

Firefox break points made easy

It is now easy to set breakpoints in js files. There is no need to remember line numbers, search for the js file in the list of downloaded files and then put the breakpoint at that position. A simple debugger; statement will do fine. Firebug stops at the statement and waits for user input, the same as at a breakpoint. All the variables in that scope are displayed in the Firebug console.

Example usage:

    function getBasicProfileData(callbackFunc, accountId) {
        var url = getBasicProfileUrlForUser(accountId);
        // Execution pauses here while Firebug is open
        debugger;
        ajaxRequest(url, "GET", true, function(responseText) {
            var data = responseText.parseJSON();
            callbackFunc(data.basicInfo);
        }, null);
    }

Functionality verified in Firefox 3.0.2 with the Firebug 1.2b015 add-on installed.

XHR request callback is not called in FF3

I encountered a problem while making an application run on FF3. The application uses ajax extensively and has callbacks for synchronous as well as asynchronous calls. Everything works fine in IE variants and FF2. Coming to FF3, the callback is never invoked for synchronous calls and the user has to make the call explicitly. The problem and the solution are clearly explained at

Using Fiddler for javascript debugging

If there is a problem in the javascript UI while navigating through a site, debugging is difficult because the js files can't be modified on a server that is live. The best solution to this problem is the Fiddler tool's auto responder feature. Using the auto responder you can serve files from the local machine for the requested URLs. Change the js files on your system and modify them for testing. This process will not affect other users accessing the site at the same time. It is clearly explained at.

I came across one annoying error while coding in javascript for IE. After debugging for several hours, commenting and uncommenting parts of the code, I identified that accessing the body element in javascript before the entire body element is formed will throw an alert of 'Permission Denied', which is unrelated to whatever the actual problem is. This happens only with IE. So the solution for this IE-only problem is to add the defer attribute to the script tags manipulating the body element. Like

    <script type="text/javascript" defer> ...access body element... </script>

Tools I used for effective development

Due to the advent of open-source technologies, many tools are now available for free. These tools enable web developers to analyze the development process better and to arrive at quick solutions. Following are the tools which I identified as extremely useful.

FireBug

It is the most important and beautiful tool I have ever used in my lifetime. Firebug is an add-on for Firefox used by developers to debug javascript, and it addresses all the UI-related debugging issues. One issue found in Fiddler is that if the net tab is enabled then Firefox does not send the 'If-Modified-Since' header back to the server, due to which ETag validations fail during handshakes.

Fiddler2 with RPASpy

Fiddler is the most effective tool for analyzing the traffic over the wire. Auto responder is one of the features of Fiddler that makes it more useful. Using auto respon