A nice checkbox 'send me marketing upates' below the email entry box would be really nice.
These days most people appreciate an opt-in experience to opt-out.
I actually think that if you're getting a free book out of it, the publisher should be able to get at least one marketing e-mail to you before you decide not to see any more of their offers ...
The email address you enter won't matter. Just put in any valid email address you want and then visit http://sale.sitepoint.com/claimpdf.php?email= with the email address you entered appended to the end.
I guess I'm not making myself popular with saying this, but why is it that when somebody offers something for free you still find yourself compelled to subvert the one thing they ask from you? They give you something you (supposedly) value yet you still try to screw these people out of something that costs you very little. I guess you're going to whine about spam now, but come on, do you really think these people are trawling email addresses for viagra spam by giving away jquery ebooks? And if (I don't know if they will, just if) they ever send you an email, you click the unsubscribe link and off you go. I'd say that this is a small price to pay for (again) something that has at least some value to you.
(This has become a pet peeve of mine since we started offering a free tool that is valuable to many people and for which the commercial alternatives cost thousands of dollars. We ask name and affiliation to get a feel for our user base, people who usually just download and are never heard from again. Most people just fill it in, but every now and then there's some smartass who feels it's necessary to fill in "asdfasdf". I don't do email address validation either, I know it's impossible to check anyway. Show a little respect for what others are GIVING you for FREE).
Your definition of FREE is way off. Having worked for online marketing companies for years, I can tell you that exchanging your email address for something is far from free. You are essentially signup up for a never ending deluge of spam.
Of course, not everyone who asks for your email address is going to sell it to spammers, but enough are that it merits caution.
Fine if you want to play semantic games, let's say it's not free because they require your email address. How does that make it OK to provide a fake one? The deal is: you get the ebook in return for your email address. Either you take it or leave it, you don't take what is offered and then return nothing. The level of denial and cognitive dissonance in your answer is mind boggling, how can you justify what is plainly breaking your end of the deal on an offer that is already very reasonable?
Their email address validator is broken anyway. It doesn't support host names with subdomains such as foobar@foo.bar.org At least it supports addresses such as foo.bar@foobar.org
Interesting book, I just wish it didn't use the .html() function that much, especially the .html(externalInput) pattern - it's a great way to open XSS (cross-site scripting) vulnerabilities on your page unless you're very careful and the author apparently doesn't warn the reader to be careful.
Could you elaborate on this or point me to a site that explains the security risks?
For my product, I have a web app that does 100% of the rendering in Javascript so I use html() a lot. I adhere by the rule that I don't trust anything that comes from the client so I'm curious to learn what the security problem may be.
You can do the filtering either on input or output (or both if you want to be very careful). Both works, however I prefer filtering on output because (a) if a new way to conduct an XSS attack is discovered, I only need to update code, not data; (2) if tomorrow HTML gets replaced by a hypothetical future document format, I would need to refilter all my data if I only filter at input.
Thanks for the link but I really don't see anywhere where it says using something like html() would be a greater risk. The rule of thumb is to sanitize information from untrusted sources. And as long as you adhere to this rule, I really don't see how using html() would pose a security threat. That is unless I'm missing something?
I think the suggestion is that programmatically creating specific DOM nodes is safer than handing the library a string containing user input and hoping that the browser doesn't interpret it in a way that corrupts the DOM.
I certainly agree with this but I think it's misleading to say it increases your chances for xss security threats. I can see it increasing the chances of having a webpage not behave properly across all browsers though.
Say some "<script>do_bad_stuff();</script>" got through from some source you just expected to have text. (e.g. this happened for youtube the other day)
If you insert this into the DOM with html(), it will execute the script, doing bad things. If you insert it into the dom with e.g. text(), it won't be interpreted.
I don't subscribe, but I've given them my email a handful of times to receive free samples of books. (They're extremely generous with this. In a couple of cases, they sent easily half a book as a free sample.)
My experience has been that they're on the low-volume end of the "we have your email" spectrum. Not nothing, but not hideous.
I've subscribed to their forums with an email that I link to them, so I know for a fact that they spam. They also write articles that are really paid for ads, so the shady meter for sitepoint.com is over toward the orange side of the scale... but, you know... you gotta make money I guess.
Do you have 'Receive Email from Administrators' enabled on your account? I do, which is I assume why they occasionally email offers and is also why I don't consider them spammers. I do agree with you that their content has slipped in recent years though.
Thought so myself, so I used mailinator. The book looks cute, though, despite my unfettered hatred for the Ninja term (don't get me wrong, I lurve ninjas, but programmers are neither Japanese assassins nor famous musicians).
Rather generious formatting, though. Printed, this would be one of those books that could've been done with half the pages and still be as readable. (And for online reading, who needs margins and reference sections?)
I gave them my email with a plus sign in it, and I was surprised that the web form accepted it and I got the email. However, clicking on the link they emailed me, which had my email (and therefore the plus sign) in the url, broke their site and just sent me back to TFA. Nice bugs guys.
Skimming through the book, it is clearly written and starts with small steps for the JQuery beginner. I'm not sure how someone with no Javascript would fare. But for someone who has been using JQuery for a while it's worth about 5 minutes of skimming.
I'm guessing there could be a lot of promotions today across the net where the format/justification is: "Because <whoever-doesn't-really-matter> won, then <something> is <free-or-on-sale>"
As for marketing emails, we always include an "unsubscribe" link. SitePoint will never sell your email address or your information.
Enjoy the freebie!