background preloader

Dev Web

Facebook Twitter

Lazy Load JQuery. Simple Image Lazy Load and Fade. One of the quickest and easiest website performance optimizations is decreasing image loading.

Simple Image Lazy Load and Fade

That means a variety of things, including minifying images with tools like ImageOptim and TinyPNG, using data URIs and sprites, and lazy loading images. It's a bit jarring when you're lazy loading images and they just appear out of nowhere which is why I love the fading in route. The page still shuffles if you aren't explicitly setting image dimensions but the fade in does provide a tiny bit of class.

I've seen many solutions which accomplish this (some not very good, like my old method) so I thought I'd share my current implementation. The HTML We'll start by putting together the image tag with specifics: Use data-src to represent the eventual URL. The CSS Any image with a data-src attribute should start as invisible and eventually transition the opacity: You can probably guess at this point what we'll be doing with that attribute when an image loads... The JavaScript. A Simple PHP Class to Create RSS Feed.

<?

A Simple PHP Class to Create RSS Feed

Php class rss_feed { public function __construct($a_db, $xmlns, $a_channel, $site_url, $site_name, $full_feed = false) { $this->db_settings = $a_db; $this->xmlns = ($xmlns ? $this->channel_properties = $a_channel; $this->site_url = $site_url; $this->site_name = $site_name; $this->full_feed = $full_feed; public function create_feed() { $xml = '<? $xml .= '<rss version="2.0"' .

$xml .= '<channel>' . Preventing Cross-Site Request Forgeries. Cross-site request forgery (CSRF) is a common and serious exploit where a user is tricked into performing an action he didn’t explicitly intend to do.

Preventing Cross-Site Request Forgeries

This can happen when, for example, the user is logged in to one of his favorite websites and proceeds to click a seemingly harmless link. In the background, his profile information is silently updated with an attacker’s e-mail address. The attacker can then use the website’s password reset feature to e-mail herself a new password and she’s just successfully stolen the account. Any action that a user is allowed to perform while logged in to a website, an attacker can perform on his/her behalf, whether it’s updating a profile, adding items to a shopping cart, posting messages on a forum, or practically anything else.

If you’ve never heard of CSRF before or you haven’t written your code with prevention in mind, then I hate to break it to you but more than likely you’re vulnerable. How It Works First, here’s the code for login.php: <? Conclusion. Cross-Site Scripting Attacks (XSS) A cross-site scripting attack is one of the top 5 security attacks carried out on a daily basis across the Internet, and your PHP scripts may not be immune.

Cross-Site Scripting Attacks (XSS)

Also known as XSS, the attack is basically a type of code injection attack which is made possible by incorrectly validating user data, which usually gets inserted into the page through a web form or using an altered hyperlink. The code injected can be any malicious client-side code, such as JavaScript, VBScript, HTML, CSS, Flash, and others. The code is used to save harmful data on the server or perform a malicious action within the user’s browser.

Unfortunately, cross-site scripting attacks occurs mostly, because developers are failing to deliver secure code. Every PHP programmer has the responsibility to understand how attacks can be carried out against their PHP scripts to exploit possible security vulnerabilities. Learning by Example Let’s take the following code snippet. <? <script>alert("hacked")</script> Non-persistent XSS.