target _blank security issue

I think this is an old issue, but I only just learned about it via a lint error react/jsx-no-target-blank I got in a react project.

Apparently a new window opened by a link, has access to the originating window object.
When this new window is another (malicious) site, it has access to the dom of the site that linked it.

Adding rel=”noopener noreferrer” to your anchor tag mitigates this risk.

Check this much better quick decent explanation:
https://mathiasbynens.github.io/rel-noopener/

Theme music for this blog post

Advertisements
target _blank security issue

Manifesto for Half-Arsed Agile Software Development

Can’t believe I hadn’t come across this before:

http://www.halfarsedagilemanifesto.org/

“We prefer the term resources”, lol, reminds me of the affectionate “EFT” used to refer to human beings.

Cynical, but funny, because it’s true πŸ˜‰

 

 

Manifesto for Half-Arsed Agile Software Development

EF6 VS EF Core inheritance

Lost some time with this subtle gotcha, so maybe this will help you spare time.

In EF6 you can configure inheritance with a single type.

An inheritance hierarchy with a single type might seem pointless, but I saw this get used to automatically filter data, which I found pretty clever (to ignore records marked as deleted, the discriminator column was used to only map records with deleted set to false)

Say you want to map SomeEntity only to rows that have value “SomeEntityType” in the field Discriminator:

public class SomeContext : DbContext
{
   protected override void OnModelCreating(DbModelBuilder modelBuilder)
   {
      modelBuilder.Entity<SomeEntity>()
         .Map(m => m.Requires("Discriminator")
            .HasValue("SomeEntityType")
         );
   }
}

Now, transporting the EF6 implementation as is to EF Core syntax won’t work:

// EF Core: incorrect
modelBuilder.Entity<SomeEntity>()
   .HasDiscriminator<string>("Discriminator")
   .HasValue<SomeEntity>("SomeEntityType");

However the gotcha is, that it won’t work, but it won’t crash or warn you either. It will just return all SomeEntities, ignoring the discriminator. Nothing gets added to the WHERE clause in the generated T-SQL.

I spend some time troubleshooting this, until I carefully read the docs again:

EF will only setup inheritance if two or more inherited types are explicitly included in the model

https://docs.microsoft.com/en-us/ef/core/modeling/inheritance

So in the incorrect mapping, the base type gets setup but nothing else, so no discriminator gets applied (it just ignores the faulty configuration apparently).

You actually need have a separate base and derived type, and map them accordingly, like so:

// EF Core: correct
modelBuilder.Entity<SomeEntityBase>()
   .HasDiscriminator<string>("Discriminator")
   .HasValue<SomeEntityBase>("NotSomeEntityType")
   .HasValue<SomeEntity>("SomeEntityType");

A bit more verbose, but in normal inheritance scenarios you would have had the base type anyway.

Theme music for this blog post

EF6 VS EF Core inheritance