Posts

Showing posts with the label api

XSS Security Handling with NextJS and DOMPurify

Introduction: Cross-Site Scripting (XSS) is a security vulnerability that allows attackers to inject malicious scripts, typically JavaScript, into web pages viewed by other users. When a user's browser executes this code, attackers can steal cookies and session tokens and alter the website interface. To prevent XSS, the following primary methods are used:

- Validation: accepting only desired data formats. This simple approach only addresses surface-level issues, so we focus on the methods below for better effectiveness.
- Sanitization: removing or disabling dangerous HTML tags and attributes such as <script>, onerror and onclick from user input before storage or display.
- Using framework automations: React and NextJS automatically escape data in text strings by default. When rendering HTML directly via dangerouslySetInnerHTML, using a library like DOMPurify is mandatory to ensure safety.
- Content Security Policy (CSP): configuring browser policies to restrict script execution s...

Building a GraphQL and gRPC System on NextJS and NestJS

Introduction: GraphQL and gRPC are two powerful and popular communication technologies today. While GraphQL optimizes data transmission between client and server by allowing the client to query exactly what it needs, gRPC is an ideal solution for communication between microservices thanks to its superior performance, based on the HTTP/2 protocol and the Protocol Buffers binary format. Combining the two brings comprehensive optimization from the user interface layer to the core backend system. Using the modern packages from @bufbuild and @connectrpc brings many advantages over the traditional @grpc/grpc-js library:

- Comprehensive TypeScript support: type-safe files are generated automatically, helping to keep the coding process error-free and providing excellent code suggestions (IntelliSense).
- Full compatibility with HTTP/1.1 and HTTP/2: no need to configure complex proxies like Envoy to connect from the browser or restricted environments, th...