Syntax - Tasty Web Development Treats

731: Client side security, XSS attacks & CSP with Stripe’s Alex Sexton

Feb 16, 2024
In this chat, Alex Sexton, a security expert at Stripe, dives into the nitty-gritty of client-side security and Content Security Policy (CSP). He explains how CSP helps guard against cross-site scripting (XSS) attacks and shares tales of past security mishaps. Alex discusses the challenges of implementing CSP in large applications and best practices to keep web projects secure. Plus, he highlights the importance of maintaining robust security measures in development while navigating the complexities of modern web technologies.
ANECDOTE

Alex Sexton's Background

  • Alex Sexton, a long-time Stripe engineer, co-hosted the yayQuery podcast and contributed to Modernizr.
  • He's the fourth most tenured employee at Stripe, highlighting his long-standing contribution.
INSIGHT

Stripe Dashboard Evolution

  • Stripe's dashboard blends legacy code (Backbone, CoffeeScript, Bootstripe) with newer React-based components (Sail Classic, Sail Next).
  • This layered approach shows the evolution of a complex production system over time.
INSIGHT

Stripe.js Hosting

  • Stripe serves its JavaScript from its servers due to PCI compliance rules around credit card tokenization.
  • While subresource integrity could allow self-hosting, PCI rules haven't fully adopted it.