

Cross-Browser Development Tips (or how to make JS work in IE8) - angelirizarry
https://www.tinfoilsecurity.com/blog/cross-browser-development-tips-javascript

======
martin-adams
I've done a lot of UI work for an embedded device which explicitly supported
IE8. Compare IE8 to Chrome for anything of complexity and you really do
realise how slow it is. What would take about 30 seconds in Chrome would be
over 10 minutes in IE8.

This of course was doing a lot of XML data processing with XPath and using the
Dojo framework. But all in all, JavaScript is mostly compatible, it's the DOM
you have to watch, trailing commas and some subtle XML properties such as
'hasAttribute', and of course, don't leave in those console.log statements.

Wrapper the low level stuff and make sure all your developers write consistent
code and life will be a lot better.

------
esamek
Good article...your service?

You make me sit there and wait for the results of a scan of a website and then
don't show me it? You then ask me to create an account to view my 2
"borderline-unsecure" vulnerabilities? Ok, account created with dummy email.
Oh whats this? I still can't view the results? I have to upload shit to my
production site in order to just view the results? Did you even actually find
anything wrong?

I understand the security implications of having someone verify they do indeed
own the site scanned...but this bait and switch crap is infuriating. If you
are going to go down that route, at least message it somewhere...clearly.

~~~
borski
You're right regarding the security implications. We can't show
vulnerabilities to someone who hasn't verified they own the site they've
scanned, unfortunately. We're working on ways to message this better
(specifically, having a "Step N of M" with titles for what each step is.

We have some one-off checks that are more 'instant gratification' like our
Rails YAML vulnerability check
([https://www.tinfoilsecurity.com/railscheck](https://www.tinfoilsecurity.com/railscheck))
and we'll be adding more like these in the future.

Sorry you felt it was a bait-and-switch...we'd love to make it up to you. Feel
free to email us at support@tinfoilsecurity.com and we'll definitely try to
make it right. :)

