Online Tool of the Month – Polyfill.io

Browser compatibility is a pain – and that’s a fact. But when your client says, “we need to support IE9 and upwards” you can feel the dread come over you.

Well, fear not as help is at hand in the form of Polyfill.io, a CDN hosted service which will serve up a custom set of polyfills to fill those functionality  gaps in whatever browser makes the call.

Need some of those ‘Math’ or ‘console’ functions that are so readily available in non-IE browsers? Well, Polyfill.io has your back.

Add a single line of code to your mark up and voila – you’re good to go. Remember, before you start panicking about large request sizes the CDN will tailor the response to only those features that the current browser is lacking, which is pretty neat.

From the feature list on their site it is easy to see what is included naively in each browser and what can be polyfilled.

But there’s more – what if you only wanted a single feature, say ‘Function.name’, in IE9/10&11. Even though the service will return a tailored set of polyfills it is possible to view the detection and polyfill scripts for any feature by clicking on the ‘hamburger’ menu to the right of the feature – this takes you to the appropriate location in the Github repo (yep, this is all open source stuff).

The downside to using a CDN though is that if it goes down (and it did once for a client of mine) then it could leave your site somewhat ‘hobbled’ depending on the features you were relying on

Online Tools of the Month – ASafaWeb.com & SecurityHeaders.io

It has come to my attention that ‘ASafaWeb’ has now reached ‘End of Life’ and is no longer accessible. The site developer, Troy Hunt, has posted on his blog the reasoning behind his decision.

We all know that we should be developing with security in mind right from the point of File > New, ensuring that our ASP.NET web applications are configured correctly. The problem is that there are so many configuration settings that can be tweaked and this can become overwhelming.

I heard Troy Hunt speaking on a podcast a while ago talking about a site he had created which would probe a target URL and report back with anything it found, i.e. information that a hacker could potentially use to hack your site. The site is called, ASafaWeb (it makes sense if you read it out loud) and is essentially a service which can determine ‘remotely detectable’ configuration issues with your website, i.e. what it maybe leaking to the world.

By it’s very nature the service requires that the target site is remotely accessible, i.e. you cannot scan your development environment running on http://localhost but there are a number of way around this. Personally I push my web applications to Azure and then target the https://project-name.azurewebsites.net url.

Entering the target email and clicking ‘Scan’ will result in a comprehensive report being generated which covers, (among other things), Custom Errors, Elmah, Clickjacking and Secure Cookies. For each test there is a status indicating whether it Passed, Failed or (for whatever reason) Not Tested along with details of what was tested, why it is important, possible solutions and links to additional resources.

The screenshots show the results for Troys ‘Hack Yourself First‘ website which is uses as a test case for his Pluralsight course of the same name – an excellent watch by the way!

As good as ASafaWeb is there are still potential issues that it doesn’t test for – a line has to be drawn somewhere.

This is where securityheaders.io comes in. Many of us give little thought to the request headers that our browsers send out or the response headers it receives back – but to a potential hacker they can reveal a lot about the inner workings of your site.

Again, the service just requires a target URL to scan and returns details about the headers it received, missing headers (and why they are important) and an overall site rating (from A+ to F).

While there is no guarantee that your site won’t get hacked, these services will help you identify a number of key attack vectors and help minimise your risk – hopefully the hackers will move along to someone less well protected.

Online Tool(s) of the Month: Lorem Ipsum

I’m sure that many of us have used the Lorem Ipsum site to generate some dummy text to use as a placeholder in a webpage or similar. Just something that looks like real text but with no meaning whatsoever. This is ideal if you want to show something to a client when you don’t have the actual copy text yet or you want to play around with some CSS during development.

The thing is, that standard Lorem Ipsum is a little …. well dry to say the least. Yes it is supposed to be meaningless so why should it matter right? Well, just because that’s the way it’s always been doesn’t mean it can’t change.

Enter Bacon Ipsum! Yes, all the goodness of Lorem Ipsum but with a meaty twist ­čśë

Bacon ipsum dolor amet meatball kielbasa bresaola, frankfurter pork chicken meatloaf. Bresaola porchetta meatball, pork chop cupim venison shankle ground round meatloaf shank filet mignon beef ribs pancetta hamburger ham. Drumstick pork chop chicken tri-tip, capicola frankfurter ham ground round shank venison bresaola prosciutto chuck leberkas fatback. Turkey shoulder tail cow. Bacon beef ribs shank ham hock tail. Filet mignon prosciutto capicola boudin tongue.

You can choose between ‘All Meat’ or ‘Meat and Filler’ – there’s even a ‘spicy’ version for the heat seekers out there.

Any of course, Ipsum isn’t just for text – nope, you can (sort of) have Image Ipsum too. Need a sample food image 300px x 200px? No problem, just head over to Lorem Pixel.

Refresh Page for new Image

Of course, it’s not all about food – you can choose from numerous categories; City, Animals, Business, Cats (naturally), transport and more.

I’ve found these sites pretty useful in recent projects where I didn’t have the required assets to hand. Instead of spending time hunting around for images or suitable text from a clients website, I just grab some content from these services and carry on with the task at hand – development.

Online Tool of the Month: .NET Fiddle

I frequently find myself spinning up Visual Studio to create a simple Console Application just to hack out a small piece of functionality. In an attempt to not adversely affect the code I’m actually working on or having to step through the application to the required point, I create a simple project to quickly try things out.

Dot Net Fiddle User Interface

Examples include testing Regular Expressions and Linq queries.

Well I’ve been using .NET Fiddle (think JSFiddle for .NET) for a while now and it’s a great little tool for quickly trying these things out.

Not limited to C# Console Applications, .NET Fiddle also lets you write Script, MVC and Nancy projects using VB.NET or F#.

With the Auto Run option set to Yes the code is compiled whenever a change is detected so it’s ideal for my needs – outputting to the Console and quickly validating my code.

Compiler errors are displayed as normal and there is limited support for Nuget packages as well.

Best of all – it’s free to use and you don’t even need to sign up. What’s not to like?