Even as the number of frontend programming vulnerabilities grows continually, many are not difficult to combat; you simply need to remember to fortify your frontend security against them.
<a href="..." target="_blank"> vulnerability to hacked target page by including rel="noopener noreferrer". See Target=”_blank” – the most underestimated vulnerability ever
Things evolve. ReactJS evolves. With version 16.3, there were several changes to the component life-cycle methods. In particular, componentWillReceiveProps is disappearing. In its place, they say, you can use the getDerivedStateFromProps static function. I found this a bit challenging, but I did find an interesting pattern when the component-state was dependent on fetched information.
I should mention that I had a specific goal to better encapsulate data within the component. While I could pass in all the needed data as properties, that would require the surrounding component know what to pass and how to get it. That shouldn’t necessarily be necessary; the component knows what it needs and how to retrieve it.
For example, say you have a component which accepts a phone number and displays the phone number and the state that it’s from. Certainly, you could write a simple component that accepts both pieces of information as properties.
<ShowPhoneLocation number="+12065551212" city="Seattle" />
Which might be implemented as:
class ShowPhoneLocation extends React.Component {
render() {
return (
<div>{this.props.number} is from {this.props.city}</div>
)
} // render()
} // class ShowPhoneLocation
But, since the component should be able to infer the state from the phone number (by its area code), it shouldn’t be incumbent on its container to know what it is.
class ShowPhoneLocation extends React.Component {
static getDerivedStateFromProps(nextProps, prevState) {
let location = getCityFromPhone(nextProps.number)
return {
city: location
}
}
render() {
return (
<div>{this.props.number} is from {this.state.city}</div>
)
} // render()
} // class ShowPhoneLocation
That’s all well and good, but what if getCityFromPhone() has to call a web service? We don’t want getDerivedStateFromProps() to stall, waiting for a response. However, it is static and does not have a this reference to the object for which it is returning state; so an asynchronous fetch doesn’t know what object’s state to set. Instead, don’t wait for the result to save in the state, save the request’s Promise in the state and update the state, once the promise resolves.
function getCityFromPhone(number) {
return fetch('http://saas.com/get/'+number+'/city') // Returns fetch promise
}
class ShowPhoneLocation extends React.Component {
static getDerivedStateFromProps(nextProps, prevState) {
let location = getCityFromPhone(nextProps.number)
return {
city: location
}
}
componentDidUpdate() {
let location = this.state.city
if (location instanceof Promise) {
this.setState({ city: '...waiting...' })
location.then(city => this.setState({ city: city }) )
.catch(() => this.setState({ city: 'not found' }) )
}
}
render() {
return (
<div>
{this.props.number} is from {this.state.city instanceof Promise
? '...'
: this.state.city}</div>
)
} // render()
} // class ShowPhoneLocation
In componentDidUpdate() you can define the completion handlers to set the object’s state, base on the returned information from the service.
It is a common pattern to perform a fetch in componentDidMount(). The problem is that there may not be enough information to perform the fetch, that early, or the information for the fetch changes after the component has been mounted.
I am going to miss componentWillReceiveProps()… without it, things become a bit more convoluted but it’s going the way of the Dodo.
I had kinda given up on my PHP framework (as I’d mentioned in my “Simplicity via PHP Frameworks” article). But as I embarked on another little web project and realized that I might b … Reviving ccPhp. It took longer than I would have liked, to get up and running. … I noted that, at its core, it has a very programmatic approach to building a web page. That is, it assumes …
[This post was hacked, due to a WordPress bug, and I hadn’t backed it up. I tried to find it via some of the web caching/archival sites like achive.org, but, to no avail. The snippet above was a snippet from what the Facebook page preserved. A lot of thought went into the post, but once I spew my thoughts out onto the page, I wipe my brain of the details. If I find the rest, I’ll update this.]
Here is a simple Web 1.5 (static HTML with a little bit of styling and JavaScript) recipe to allow a viewer of your web page to see the PHP source-code, behind it, with a minimal amount of JavaScript and a little CSS manipulation—good for showing the work you’ve done to others. Or for embedding in your own source, in debug mode, so that teammates can see each others’ work.
See the example code at: http://cachecrew.com/sample_code/highlight_file.php and http://cachecrew.com//sample_code/highlight_file2.php.