Kuoll error analytics blog

    Best practices of web page embed JavaScript API

    We bet that you’ve come across principles about writing modules and classes in JavaScript. When we in Kuoll needed to write a script embed in the web page that provides API for the operation of a certain service, we could not find any worthy recommendations for designing such scripts.

    So, here are the requirements for the script:

    • It will be embedded in the pages of third-party web applications;
    • It must work well;
    • It must boot quickly;
    • It should not (potentially unpredictable) affect the operations of the web application;
    • Must comply with security requirements;
    • … // and other 🙂

    Read more…

    The end of CSRF?

    Long-standing issue

    The vulnerability of CSRF or XSRF (these abbreviations are synonyms) seems to have always existed. The root of this vulnerability is the well-known opportunity to make a request from one website to another. Let’s say I create this form on my website:

    <form action="https://bankingsite.com/transfer" method="POST" id="stealMoney">  
    <input type="hidden" name="to" value="John Doe">  
    <input type="hidden" name="account" value="12416234">  
    <input type="hidden" name="amount" value="$1,000">

    Your browser will download my site and my form of course. I can send it immediately to my server using simple javascript.

    Read more…

    Top 10 bugs and their bug fixing

    Many modern web applications use JavaScript. At first, it will seem that it’s a simple language but it’s not true. JavaScript has a lot of nuances and sometimes these nuances can lead to bugs.

    Bug #1 Bugs with incorrect references to this

    The keyword this is often confused with self-referencing scopes within callbacks and closures.
    Read more…