Tuesday, March 6, 2012

Cleaning up that ugly client side aspx code

When managing a big web project, you might find yourself ending up with a big master page, that has a bunch of centralized code client side logic, like includes. What I mean by 'includes', is the part of the code where you spit out all the declarations for js and css files. I got to this stage many times by myself, and i've seen it happen at my various work places as well.

This usually ends up to some big nasty chunk of code that looks like this (and this is a relatively small example of what i mean...) :
<link rel="stylesheet" href="../../Content/bootstrap.css" />
<link rel="stylesheet" href="../../Content/common.css" />
<link rel="stylesheet" href="../../Content/widgets.css" />

<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js" type="text/javascript"></script>
<script src="@Url.Content("~/Scripts/bootstrap/bootstrap-dropdown.js")" type="text/javascript"></script>
<script src="@Url.Content("~/Scripts/common.js")" type="text/javascript"></script>
<script src="@Url.Content("~/Scripts/homepage.js")" type="text/javascript"></script>
<script src="@Url.Content("~/Scripts/add-form.js")" type="text/javascript"></script>
<script src="@Url.Content("~/Scripts/search-form.js")" type="text/javascript"></script>
<script src="@Url.Content("~/Scripts/bookmark-list.js")" type="text/javascript"></script>
<script src="@Url.Content("~/Scripts/register.js")" type="text/javascript"></script>
<script src="@Url.Content("~/Scripts/openid.js")" type="text/javascript"></script>

Why is this bad ?
For starters, there's so much similar text here, that typing it all up should've ringed a huge bell for us, screaming "THIS IS WRONG!!".
The clutter of text here, bothers us from seeing what's really important here, and all that is, is the files being included here.

Why does this happen ?
The main reason for this is because we don't think of client side code as 'actual' code. This leads to us forgetting about DRYing up our code. The equivalent of this in server side code would be to copy the whole body of a certain method a dozen times, and just changing one parameter between different versions. If this were server code, we would've easily spotted the code duplication, and extracted this to a method that receives a parameter and saved a lot of typing, and kept the maintainability of the code.

How do we fix this ?
All we need to do is introduce a small helper method that will print this again and again for us. We can do this on the client and on the server. In this case, I would go with doing this on the client, just because this piece of code will probably only be useful for us in this specific context.

Here is my clean solution to this problem :
@{ Func<string, string> JsRequire = s => "<script src=\"" + Url.Content(s) + "\" type=\"text/javascript\"></script>"; }
@{ Func<string, string> CssRequire = s => "<script rel=\"stylesheet\" href=\"" + s + "\" />"; }



Sunday, March 4, 2012

jQuery relative position plugin - nextTo

The Problem :
I've already created quite a few jQuery plugins in the past, at work, and for personal use, and in many of them there are certain parts of code that always tend to repeat themselves.

One of these parts of code has to do with element positioning calculations relative to another element.
For example, when creating a plugin for a drop-down menu, or a tooltip, you can't avoid having a nasty piece of code in there, that all it does is calculate the element's position relative to the element we clicked on or hovered above.

I don't think there's any need for me to post an example of this, you probably know what I mean. This is usually the least most maintainable part of code in the plugin and the least easy to understand.

The Solution :
I finally decided to extract this ugly piece of code into a nice jQuery plugin that will hold all the dirty work calculations, and will leave you with a nice clean and understandable piece of code inside your plugin.

<scrip type="text/javascript">
    $(function() {
        $('.PutThisDiv').nextTo('.ThisOtherDiv', {position:'right', shareBorder:'top'});

This plugin is hosted on google code : https://code.google.com/p/next-to/ (project name: 'next-to')
At the project page you will find more sample usages, usage explanations, the source code and a minified version.

Saturday, March 3, 2012

FireSheep version 2.0

FireSheep version 1.0
I think about two years ago I read about the FireSheep firefox plugin that allows you to hijack any user's account to many different sites (Facebook, flickr, twitter, etc.) that is surfing on the same wifi connection that you are using. This can be extremely brutal to use in any coffee shop, hotel, airport, just sitting outside someone's house stalking them, whatever...
The point is, the person who created this, Eric Butler, didn't do this as a hacking tool, but as a wake-up call to all the sites that aren't encrypting there connection via SSL, and a lot of them didn't even change that since...

FireSheep in action...

The potential danger
The second I read about this, I just couldn't stop thinking about what a dangerous tool this can become. Imagine this - Someone expands this tool to send all the currently active session cookies in the current wifi network to an online database, and now all the active sessions from all the firesheep users are shared worldwide. This means that you don't even have to be in the same wifi network as someone else to hijack their account. All you need is for someone else to be there while you're in the comfort of your own home... Isn't the internet a beautiful thing ??? :)

The future...
Two years (maybe more) later, and I'm happy to see that no one did this yet, but I am still very afraid of the day someone will!
I looked at firesheep code a little just out of pure curiosity, but never even downloaded it or tried it myself. I'm not a hacker and not interested in becoming one. The one thing I am concerned about here is my own personal security, so I am still hoping that these sites will improve the security for the sake of their users. Unfortunately, sometimes the only thing that speeds up the process is a lunatic taking advantage of the current situation.

Till then, beware...