Safely Binding Unescaped Content in Web Applications

“Snakecharmers,” a chromolithograph by Alfred Brehm, c.1883

Binding unescaped HTML or CSS content on a web page is a scary proposition for most web developers. The idea conjures up black-hat hackers attacking your company’s infrastructure and high-visibility hacks. In fact, cross-site scripting vulnerabilities may exist on as many as 70% of all web sites.

In this post, I’ll explain what a cross-site scripting vulnerability is, when it’s OK to silence warnings, and how to do so in two popular JavaScript frameworks: Angular and Ember.js.

Implementing an Offscreen Menu in Ember.js

Offscreen menus have become a standard in mobile apps and web interfaces over the past several years. I was recently given the task of implementing an offscreen menu for the Ember.js app that I have been working on over the past several months, so I figured I would share my solution.

Two Techniques for Keeping Your Ember.js Project Clean

I’ve had the opportunity to work on an Ember.js application for the better half of the last year. During that time, I’ve learned a ton about the Ember framework and web development in general. I’ve also seen how an Ember app can transform as it continues to grow. If I could start all over, these are the choices I would make to keep my Ember project clean.

Waiter, There’s a WordPress in My Web App!

If you’ve ever been a part of developing custom software, you’ve probably seen some features turn out to be much more complicated than anticipated. Sometimes, it’s due to unforeseen technical constraints. Other times, it’s a case of not fully understanding the nature of the feature—a situation that led me to an unexpected use for WordPress.

Side-Load Like a Pro with Ember-RESTless

Side-loading is an efficient way for a developer to pull multiple pieces of relevant JSON data (i.e. data for multiple model types) from a single HTTP request in a client-server implementation. Rather than requiring a client to make multiple requests to fetch the full set of relevant data, side-loading automatically sends all relevant data back from the server.

Unorthodox Ember Data Models: A Resource By Any Other Identifier

Ember Data has strong opinions on how it wants you to structure your data and your API, which are essentially collapsed into one by its default paradigm. If you are using ActiveModelSerializer, the path of least resistance is to have your DS.Model classes essentially mirror your ActiveRecord classes, to the point where I feel like an Ember Data app is often doing SQL over AJAX.


Testing Asynchronous Behavior with Ember

I’ve found system testing Ember.js applications to be quite enjoyable—the Ember run loop and test helpers make tests deterministic and fast. That is, of course, when your application code lives happily within the confines of the run loop. But what happens when your application generates asynchronous behavior? How do you test that?


Organizing an Ember.js App with the Awesome {{component}} Helper

In the past year, I’ve spent a lot of time developing a large, complex single-page app using Ember.js. One of the challenges when dealing with a complex SPA is organizing the many views and components within the app, especially when dealing with naturally “typed” data.

In this situation we often found we wanted a different view or component based on the type of the data being presented. The advantage to this is it keeps our templates, controllers, and components from growing out of control.