

Because Spain won, jQuery: Novice to Ninja is free for 24 hours - superduper
http://sale.sitepoint.com/

======
JenSheahan
Hi - It's Jen from SitePoint, here. Glad to hear you guys are enjoying the
free copy of jQuery:Novice to Ninja!

As for marketing emails, we always include an "unsubscribe" link. SitePoint
will never sell your email address or your information.

Enjoy the freebie!

~~~
jdeseno
A nice checkbox 'send me marketing updates' below the email entry box would be
really nice. These days most people appreciate an opt-in experience to opt-
out.

~~~
_pius
I actually think that if you're getting a free book out of it, the publisher
should be able to get at least _one_ marketing e-mail to you before you decide
not to see any more of their offers ...

~~~
crystalis
Isn't marketing about getting your product in the customer's hands? Your
product should be able to handle it from there.

------
Sephr
The email address you enter won't matter. Just put in any valid email address
you want and then visit <http://sale.sitepoint.com/claimpdf.php?email=> with
the email address you entered appended to the end.

~~~
jackowayed
In that vein, <http://sale.sitepoint.com/claimpdf.php?email=foo%40bar.com> is
now a direct download link :)

------
DrJokepu
Interesting book, I just wish it didn't use the .html() function that much,
especially the .html(externalInput) pattern - it's a great way to open XSS
(cross-site scripting) vulnerabilities on your page unless you're very careful
and the author apparently doesn't warn the reader to be careful.

~~~
sdesol
Could you elaborate on this or point me to a site that explains the security
risks?

For my product, I have a web app that does 100% of the rendering in Javascript
so I use html() a lot. I adhere to the rule that I don't trust anything that
comes from the client so I'm curious to learn what the security problem may
be.

Thanks.

~~~
varaon
All you need: <http://www.owasp.org/index.php/XSS>

~~~
sdesol
Thanks for the link but I really don't see anywhere where it says using
something like html() would be a greater risk. The rule of thumb is to
sanitize information from untrusted sources. And as long as you adhere to this
rule, I really don't see how using html() would pose a security threat. That
is unless I'm missing something?

~~~
tptacek
I think the suggestion is that programmatically creating specific DOM nodes is
safer than handing the library a string containing user input and hoping that
the browser doesn't interpret it in a way that corrupts the DOM.

~~~
sdesol
I certainly agree with this but I think it's misleading to say it increases
your chances for xss security threats. I can see it increasing the chances of
having a webpage not behave properly across all browsers though.

~~~
mhansen
Say some "<script>do_bad_stuff();</script>" got through from some source you
just expected to have text. (e.g. this happened for youtube the other day)

If you insert this into the DOM with html(), it will execute the script, doing
bad things. If you insert it into the dom with e.g. text(), it won't be
interpreted.

~~~
DrJokepu
You don't even need a script tag. Any tag with event attributes will work,
e.g. <span onmouseover="alert('XSS')">Hello World!</span>
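
The `.html(externalInput)` pattern discussed in this sub-thread can be looked for mechanically. As an added example (not from the book, SitePoint, or any commenter), this heuristic scanner lists jQuery `.html()` calls whose argument is not a plain string literal; the function names and the sample source are constructed for illustration.

```javascript
// Added example: heuristic audit for .html(externalInput); names are illustrative.

// Return the argument text of a call, given the index just after "(".
function readArgument(src, start) {
  let depth = 1, quote = null;
  for (let i = start; i < src.length; i++) {
    const ch = src[i];
    if (quote) {
      if (ch === "\\") i++;                 // skip the escaped character
      else if (ch === quote) quote = null;  // string closed
    } else if (ch === '"' || ch === "'" || ch === "`") quote = ch;
    else if (ch === "(") depth++;
    else if (ch === ")" && --depth === 0) return src.slice(start, i).trim();
  }
  return null; // call continues past this line: needs manual review
}

// True for one quoted literal with no concatenation or ${} interpolation.
function isPlainLiteral(arg) {
  return /^(["'])(?:\\.|(?!\1)[^\\])*\1$/.test(arg) ||
         /^`(?:\\.|[^`\\$]|\$(?!\{))*`$/.test(arg);
}

// List every .html(...) setter whose argument is computed at run time.
function findHtmlSinks(source) {
  const findings = [];
  source.split("\n").forEach((line, idx) => {
    let pos = 0;
    while ((pos = line.indexOf(".html(", pos)) !== -1) {
      pos += 6;
      const arg = readArgument(line, pos);
      if (arg === "") continue;                           // getter: .html()
      if (arg !== null && isPlainLiteral(arg)) continue;  // fixed markup
      findings.push({ line: idx + 1, argument: arg });
    }
  });
  return findings;
}

const SAMPLE = [                       // constructed input
  "$('#title').html('<b>Welcome</b>');",
  "$('#comment').html(comment.body);",
  "$('#name').html('Hello ' + userName);",
  "var current = $('#box').html();",
  "$('#note').text(comment.body);",
  '$("#tip").html("a) first");',
].join("\n");

console.log(findHtmlSinks(SAMPLE));
```

Each flagged call is a candidate for `.text()` or explicit DOM node creation, the alternatives named in the comments above; literal arguments are skipped because no external input reaches the HTML parser there.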

------
aditya
Just make sure you use a throw-away email address... Sitepoint _will_ spam you
like crazy. No such thing as a free lunch :-)

~~~
babyboy808
As a Sitepoint subscriber for about 5 years now, no they don't.

~~~
telemachos
I don't subscribe, but I've given them my email a handful of times to receive
free samples of books. (They're extremely generous with this. In a couple of
cases, they sent easily half a book as a free sample.)

My experience has been that they're on the low-volume end of the "we have your
email" spectrum. Not nothing, but not hideous.

~~~
JenSheahan
Glad to hear you feel this way. Spam is not good. Thanks! Jen (sitepoint.com)

------
jurjenh
So where do we find out if Amelia said yes?

look in the dedications section, and you'll see what I mean...

~~~
watchdogtimer
She did. Check out the Sitepoint podcast where they interview the book's
authors.

~~~
gridspy
It would suck to have that proposal in print if she said no. Talk about a
constant reminder.

~~~
chrislloyd
Earl was more worried that she wouldn't read it!

------
baddox
I gave them my email with a plus sign in it, and I was surprised that the web
form accepted it and I got the email. However, clicking on the link they
emailed me, which had my email (and therefore the plus sign) in the url, broke
their site and just sent me back to TFA. Nice bugs guys.

~~~
BauerUK
Did you submit some feedback reporting this issue?

<http://www.sitepoint.com/contact>

------
spuz
On the one hand: this is pretty cheap marketing tactics; on the other hand:
Yay, free book! :)

------
tptacek
Smart. The book isn't bad, either; I saved my copy.

------
mkramlich
I'm guessing there could be a lot of promotions today across the net where the
format/justification is: "Because <whoever-doesn't-really-matter> won, then
<something> is <free-or-on-sale>"

not that that is a bad thing

------
ImFatYoureFat
Having looked at their bracket I kind of wish France or Germany had won.

~~~
vinutheraj
France was gone after the group stages. I don't think they assigned any book
to France ?!

~~~
ImFatYoureFat
you're right, I'm an idiot and was looking at the Netherlands flag.

------
kuahyeow
Skimming through the book, it is clearly written and starts with small steps
for the JQuery beginner. I'm not sure how someone with no Javascript would
fare. But for someone who has been using JQuery for a while it's worth about 5
minutes of skimming.

------
lecha
Amazon has nice reviews of this book. Thanks for doing this.

------
lakeeffect
Has anyone read this, and would make the recommendation?

------
dbrannan
I had already purchased this book, but it will still be nice to have a PDF
version. Thanks SitePoint!

~~~
JenSheahan
You're welcome! Jen (sitepoint.com)

------
argsv
it comes in pdf/kindle/[nook] formats. very very nice. thank you. Now who won?
and what?

just kidding. I'm very happy Spain won.

------
switch
got 9 spam emails a few minutes after signing up for this. way to go
superduper.

------
danishkhan
this is awesome. can't wait to read it!

------
bhrgunatha
Well I thought hacker news was one place I could visit without World cup
spoilers. How wrong I was. Well that's ruined my morning.

------
cmz
dl link
[http://s3.amazonaws.com/sitepoint-5for1-jquery1pdf/jquery1pd...](http://s3.amazonaws.com/sitepoint-5for1-jquery1pdf/jquery1pdf.zip?AWSAccessKeyId=1VXE8MPZ14ENBK220TG2&Expires=1278891094&Signature=ep%2Bz%2B26xffKE4cp3tRXbI0kJ%2BR0%3D)

~~~
Raphael
mirror?

~~~
cmz
thought the link might live longer. I used guerrillamail to set up a temp
email account

