loom

Generate your TLD using Java annotations

If you are stuck with JSP and keeping your TLD files by hand (like me), you are probably ignoring the elephant in the room: Tag classes must be kept up-to-date with the TLD by hand. This means duplicate effort, a.k.a. "XML sucks". For any non-trivial tag library, inheritance…

XSS patch for Tomcat, Jetty and GlassFish

In case you didn't know, any application with a JSP page that uses ${foobar} with user-introduced data is inherently insecure. The 10-second Intro To The Joy Of XSS goes a little like this: Go to some data input form. Enter <script>window.location.href='http://badguys.com'<…

Extend HTML with your own metadata

You know that thing about space shuttle rockets being two-horse-asses-wide. If you want to save some time, the moral of the story is Specifications and bureaucracies live forever. I do love HTML despite the fact that we are still tied to the HTML 4 spec (1999). I would find use…

Design with real-life experience in mind

Real-life requirements are strokes of a bigger landscape. Designing for a partial set of requirements is bad practice because you do not have the photo where your application is expected to fit. In GoF patterns jargon we are talking about the forces thing that prevents any pattern from being applicable…