Skip to main content
Ben Nadel at cf.Objective() 2009 (Minneapolis, MN) with: Laura Arguello
Ben Nadel at cf.Objective() 2009 (Minneapolis, MN) with: Laura Arguello

Recent Blog Posts by Ben Nadel

Remediating CSV Injection Attacks In ColdFusion

By Ben Nadel on
Tags: ColdFusion

A few days ago, I didn't know what a CSV Injection Attack was. I love generating CSV (Comma Separated Value) files in ColdFusion. And, heretofore, I had always thought of CSV files as containing nothing more than inert text data. On Wednesday, however, David Epler - one of our senior security engineers - got the results of our ongoing Penetration Test (PenTest); and, lo-and-behold, one of the identified vulnerabilities was "CSV Injection". Since this was an unknown attack vector for me, I assume it is also an unknown issue for some of you. As such, I wanted to look at remediating CSV Injection attacks in ColdFusion... read more →

Working Code Podcast - Episode 94: Disagree And Commit

By Ben Nadel on
Tags: Podcast

People don't burn out because they have too much work to do, they burn out because they feel powerless. And, for me, feeling powerless correlates strongly with doing work that I doesn't believe in. Which is why I've never understood the notion of, "Disagree and commit". After all, in order to quell the feelings of dissent, I often have to numb a fundamental part of who I am; and, I'm convinced that such a technique can't be good for the overall creative process... read more →

Considering Control Flow And Transient Data Relationships In ColdFusion

By Ben Nadel on
Tags: ColdFusion

Back in the day, when I had no separation of concerns in my ColdFusion application architecture, some things were actually easier because I was always dealing with raw data. Which meant, if I had an optional or transient relationship between two entities in my database, I could query for a record and then simply check .recordCount on the CFQuery results to see if the relationship existed. Now, however, with a layered ColdFusion architecture that boasts a strong separation of concerns, that raw data is abstracted away; and, while many things have become easier, dealing with these transient relationships has become a bit harder. And, I'm still trying to figure out how to best handle this in ColdFusion... read more →

CAUTION: Your JavaScript / Node Module Might Be A "Singleton" (Anti-Pattern)

By Ben Nadel on

In the world of programming, the Singleton design pattern is often criticized as an anti-pattern: it is not flexible, it makes testing harder, dependency management harder, and violates the single-responsibility principle. Which is why you should try to avoid using the Singleton pattern in most cases. That said, I suspect that a lot of JavaScript programmers are using the Singleton pattern without even thinking about it by co-opting their JavaScript modules as initialization vectors... read more →

Key Conflicts On INSERT Still Increment AUTO_INCREMENT Value In MySQL

By Ben Nadel on
Tags: ColdFusion, SQL

When it comes to database schema design, picking the right indexes is a critical part of how you architect your ColdFusion applications. Not only do indexes lead to greatly improved performance, they can also be used to enforce data integrity and drive idempotent workflows. Earlier this year, I looked at some of the techniques that MySQL provides for gracefully reacting to key-conflicts; but, one thing that I completely missed in that exploration was the fact that key-conflict errors still increment the table's underlying AUTO_INCREMENT value... read more →

Working Code Podcast - Episode 93: Sounds Easy, Sure Isn't

By Ben Nadel on
Tags: Podcast

On Adam's team, whenever anyone uses the phrase "just" to describe a level-of-effort, everyone jumps in and echoes "just" using air-quotes. Because, as many of us have learned over the years, nothing is ever as simple as it seems, especially in the world of web development. On this week's show, we talk about some of those tasks that end up being way more complicated than they should have been. Things such as vertically aligning content, using JavaScript in 2022, logging data with sufficient context, tracking who made changes to a database, and storing notification flags for users that may never come back to your application - each can quickly become a deep rabbit hole of complexity!.. read more →

Using Type Guards To Narrow Down Error Handling Types In Angular 14

By Ben Nadel on

Over the weekend, I added an Angular 14 front-end to my Strangler feature flag exploration in Lucee CFML. However, something wasn't sitting right with me: Error handling. In TypeScript, the type of an error variable within a catch block (or Promise callback) is always any. This makes for relatively easy error handling; but, it side-steps the type safety normally provided by the compiler. As such, I wanted to go back and add a Type Guard with a Type Predicate that will help my error handling workflow narrow down the value being caught... read more →

Adding An Angular 14 Front-End To My ColdFusion Feature Flag Exploration

By Ben Nadel on

About a month ago, I posted Strangler: Building a Feature Flag System in ColdFusion. That proof-of-concept was constructed in Lucee CFML using a standard post-back workflow wherein each navigation begot a full page refresh. Over the last few weeks, I've been dribbling some effort into creating a thick-client experience using Angular 14. The UI (User Interface) still leaves a lot to be desired; but, I think as a second-stage proof-of-concept, there's enough here to be demoed... read more →

Canvas "alphabetic" textBaseline Is Consistent Across Browsers

By Ben Nadel on

Earlier this week, I took a look at rendering text to <canvas> using an adjusted X,Y offset for cross-browser consistency. In that demo, I was using a textBaseline of top, which is inherently different from browser to browser. After I posted that, Jan Sedivy - creator of InVision Freehand - told me that while top may be inconsistent, a textBaseline of alphabetic is rendered perfectly across all browsers. And, in fact, also matches the baseline rendering of the browser's native text (outside of Canvas). As such, I wanted to perform a fast-follow demo to look at how the alphabetic baseline renders in Chrome, Firefox, and Safari... read more →

Working Code Podcast - Episode 92: The Power Of No

By Ben Nadel on
Tags: Podcast

This week on the show, the crew talks about the Power of No. For many of us, saying "No" is usually a challenge. Saying "Yes", on the other hand, is usually the path of least resistance. Saying "Yes" also feels good. In fact, saying "Yes" has so much appeal that we often rush into saying "Yes" to work before we even understand what that work entails or how urgent that work actually is. And, in many cases, that eager "Yes" ends up leading to a future failure. Which is why getting to "No" - or "No, but..." - can help us maintain both our sanity and our professional relationships... read more →

Rendering Text To Canvas With Adjusted X,Y Offsets For Better Cross-Browser Consistency

By Ben Nadel on

At InVision, I recently added the ability for any type of user to come in and generate a "placeholder" screen (see Video demo on LinkedIn). These placeholder screens are generated, in part, by rendering text to Canvas. As I soon discovered, rendering text at (0,0) coordinates means different things to each browser. As such, I had to slightly adjust the location of the rendered text in the various browsers. Right now, I'm doing this with some "user agent sniffing"; but, I'd like to evolve my approach to be more programmatic and less heavy-handed. And, to do that, I have render-and-detect the inconsistent offsets being used by each browser at runtime... read more →

Working Code Podcast - Episode 91: Side Projects

By Ben Nadel on
Tags: Podcast

On this week's show, Carol and I get to spend some quality one-on-one time talking "side projects": the coding that we do on the side because we freakin' love coding, like so freakin' much! Carol celebrates the WordPress site that she's built and now maintains for her son's band, including the ability to accept payments and donations. And, I talk about trying to build a feature flag system using Lucee CFML and Angular. I also confesses that running this blog for 17-years has historically had a negative impact on my resolution to do more exploratory work... read more →

Playing With Standalone Components / Optional Modules In Angular 14

By Ben Nadel on

In the very early days of modern Angular, you could import a Component and then provide it as a declaration to be used within another Component. Then, Angular switched over to using NgModule, which became the de facto packaging and configuration container for the last 5-or-6 years. Now, in an effort to provide a more streamlined developer experience, Angular is once again allowing Components to be consumed without an intermediary NgMogule container. This new-old feature is called "Standalone Components", or "Optional Modules". I haven't written too much Angular lately (been focused heavily on Lucee CFML); so, I thought this would be a good chance to dust off my Angular skills... read more →

Tokenizing Date/Time Values In Lucee CFML 5.3.7.47

By Ben Nadel on
Tags: ColdFusion

After my post yesterday, on bucketing dates using floor() in ColdFusion, James Moberg mentioned on Twitter that he prefers to tokenize his dates using the various date parts. This creates a human-friendly token as opposed to the proprietary numeric representation that I was using in my post. Using the numeric representation makes things like looping super easy; but, can make debugging a bit harder. As such, I wanted to take a moment and think about James' approach to tokenizing date/time values in Lucee CFML 5.3.7.47... read more →

Bucketing Dates Using floor() In ColdFusion

By Ben Nadel on
Tags: ColdFusion

In ColdFusion, a date can be represented both as a date and as a number. And while you might easily get through your entire career without knowing about "numeric dates", this CFML language feature has some really neat benefits. For example, we can use floor(date) in order to get the numeric representation of the day on which a date occurs. This allows us to quickly "bucket" a set of dates by day in ColdFusion... read more →

Using jSoup To Fix Post-Marriage Name Changes In ColdFusion 2021

By Ben Nadel on
Tags: ColdFusion

At the beginning of this year, I started using jSoup on my ColdFusion blog. This opened up all kinds of possibilities from extracting Open Graph / Twitter Card data to generating blog post previews to injecting anchor links on my section titles. And now, this morning, I realized that I could use it to fix post-marriage name changes; at least, until I update the underlying content... read more →

Working Code Podcast - Episode 90: Side Hustles

By Ben Nadel on
Tags: Podcast

This week on the show, the crew talks about side hustles: the very American desire to be making money on the side. While many people in this world need side hustles in order to make ends meet, those in our industry (technology) often incur side hustles as a voluntary affliction. Of course, there's a fixed number of hours in each day; so, you're either earning passive income; or, you're taking time away from your other interests (and commitments). This isn't always healthy. Nor should it be seen as a right of passage - we on the show have a lot of respect for people that are simply content and who can live their lives without grinding themselves down to a nub... read more →

Working Code Podcast - Episode 89: What Makes A Good Roadmap?

By Ben Nadel on
Tags: Podcast

Like Michelangelo with a block of marble, we engineers often like to dive right into the code and let the application reveal itself to us. And while this may work on a small scale, this extreme bias-towards-action isn't prudent for larger teams or companies with a growing client-base. Mature companies have roadmaps. They weigh the benefit of building one feature against the opportunity cost of not building another feature. Mature companies get buy-in both internally and externally. They then evolve their vision based on that feedback when it make sense; or, they apply grit when it is required... read more →

Using jSoup To Extract JSON+LD Structured Data In ColdFusion 2021

By Ben Nadel on

On it's own, Google does a great job of parsing, inspecting, and conveying the content of web-pages in their search results. However, as content creators, we can help Google understand the meaning of a page by embedding structured data in our markup. In a perfect world, I'd have all of this structured data ready to go. But, in reality, I'm going to try and retroactively squeeze my current content into a structured data format: JSON+LD. And, to get this done, I'm going to use jSoup to locate and extract image URLs in my ColdFusion 2021 blog... read more →

Rendering Wrapped Text To A Canvas In JavaScript

By Ben Nadel on

Yesterday, I looked at using the Range class to detect line-breaks in a text-node within the DOM (Document Object Model). Normally, you don't need to think about the line breaks that the user is seeing in the browser. However, I have a use-case in which I need to render said text to a <canvas> element. And, since the <canvas> API has no inherent way to render line-wrapped text, all line-wrapping has to be performed progammatically. As such, I wanted to post a fast-follow demo in which I use the line-break detection from yesterday's demo to render wrapped text to a Canvas element in JavaScript... read more →

Detecting Rendered Line Breaks In A Text Node In JavaScript

By Ben Nadel on

At work, I've been building a way to generate "placeholder" images using a fragment of the DOM (Document Object Model). And, up until now, I've been using the .measureText() method, available on the Canvas 2D rendering context, to programmatically wrap lines-of-text onto a <canvas> element. But, this approach has proven to be a bit "glitchy" on the edges. As such, I wanted to see if I could find a way to detect the rendered line breaks in a text node of the document, regardless of what the text in the markup looked like. Then, I could more easily render the lines of text to the <canvas> element. It turns out, the Range class in JavaScript (well, in the browser) might be exactly what I need... read more →

Working Code Podcast - Episode 88: Documentation, Yay!

By Ben Nadel on
Tags: Podcast

This week on the show, the crew talks about documentation. Yay! As developers, there's no doubt that we all love consuming great documentation - especially for APIs. But, nary a one of us enjoys the process of creating documentation. Except maybe Adam, who's oddly passionate about communication. For the rest of us, however, documenting our choices and our subsequent outcomes feels a bit of a slog. It's never clear when we should be writing documentation; it's never clear what we should be documenting; and, it's never clear just how much detail we need to include. And sometimes, ironically, it seems that the more thoroughly we document a topic, the more likely it is to be misunderstood. So, that's awesome!.. read more →

Updated Thoughts On Validating Data In My Service Layer In ColdFusion

By Ben Nadel on
Tags: ColdFusion

When I was building my proof-of-concept (POC) for feature flags in ColdFusion, I started to work with complex data structures that were far more complex than the flat, relational data that I'm used to working with. As such, I didn't have an good instinct about how to go about validating, sanitizing, and normalizing this data. In an earlier post, I looked at validating complex, nested data structures in ColdFusion; but, validation turns out to only be part of the story - especially in a dynamically-typed, case-insensitive runtime. Now that my POC is published, I wanted to circle back and share my updated thoughts on handling data in my ColdFusion service layer... read more →

Strangler: Building A Feature Flag System In ColdFusion

By Ben Nadel on
Tags: ColdFusion

For the last month-or-so, I've been quiet on this blog. Much of that is, unfortunately, stress-related; but, much of it is also do to a small rabbit-hole that I fell into: Feature Flags. If you've followed this blog for any period of time, you've no doubt seen me rave about feature flags. At work, I use and love LaunchDarkly; but, LaunchDarkly is too expensive for side-projects (such as this blog). As such, I wanted to see if I could create a LaunchDarkly-inspired feature flag system for my own personal ColdFusion projects. I'm calling this proof-of-concept "Strangler" (as in the Strangler pattern)... read more →

Working Code Podcast - Episode 87: Note To Self

By Ben Nadel on
Tags: Podcast

On today's episode, we get to pull up the floor boards and once again peer into the dark, disturbing recesses of my brain: all the random and, frankly, sometimes incoherent chit-cat that I have with myself. Listen to me call B.S. on flaky tests; shake my first at overly-specific CSS selectors; preen about GulpJS builds; pontificate on the ROI (return on investment) of personal growth; and, theorize that building - not buying - can sometimes be the smarter and less bureaucratic move to make... read more →

ColdFusion Alive, Episode 117: Adobe ColdFusion And Lucee CFML Roundtable, Part III

By Ben Nadel on
Tags: ColdFusion

Ask me what I love about ColdFusion and I won't be able stop myself - there's too dang much to discuss! But, thankfully, I'm not the only one afflicted with such a luxurious problem. Which is why Michaela Light, Charlie Arehart, Gert Franz, Mark Drew, and I got together - yet again - to have a round table discussion about ColdFusion (Episode 117) on the ColdFusion Alive podcast... read more →

Working Code Podcast - Episode 86: The Working Code Test

By Ben Nadel on
Tags: Podcast

Twenty-two years ago, Joel Spolsky wrote an article titled, The Joel Test, which outlines 12-steps for evaluating the quality of a software team. At the time, Joel was working with Microsoft, building products that were delivered on CD-ROM. As such, his day-to-day workflow was somewhat different than the kind of work that I do. That said, much of what he had in his 12-point litmus test still holds true! Which I believe is a testament to how fundamental his insights were. This week on the show, we review Joel's list, give each item our personal Yay or Nay, and then add a few requirements of our own... read more →

Working Code Podcast - Episode 85: Shipping Complexity

By Ben Nadel on
Tags: Podcast

The less code you write, the easier it is for people to review, the less likely it is to contain bugs, and the more likely it is to merge cleanly into your main integration branch. The converse of this tends to also be true: the more code you write - particularly within a long-lived feature branch - the harder it is to review and the more likely it is to contain bugs that cause production issues. We all basically hold this to be true; however, that doesn't mean that we can simply choose to do the former. Shipping less complexity is a byproduct of both team and technology constraints. This week on the show, the crew talks about how we try to reduce the complexity of our code-shipping process... read more →

Pretty-Printing JSON Using GSON In Lucee CFML 5.3.9.141

By Ben Nadel on
Tags: ColdFusion

I'm currently working on a proof-of-concept (POC) for a feature flag system in Lucee CFML. And, for my POC data persistence layer, I've been using a simple, flat JSON (JavaScript Object Notation) text file. This works great; but, I found myself wishing that the JSON file was pretty-printed so that I could more easily debug my data persistence algorithms. ColdFusion's native serializeJson() function doesn't have a pretty-print feature; but, I was able to use Google's GSON library to generate pretty-printed JSON output in Lucee CFML 5.3.9.141... read more →

Using Multiple Break Statements In A Single Case Clause In ColdFusion

By Ben Nadel on
Tags: ColdFusion

For the last few weeks, I've been quasi-heads-down, noodling on a workflow that builds-up complex objects using form POSTs in ColdFusion; and, as part of that workflow, I have a switch statement that defines some mutations on the pending-object in question. The other day, my logic was getting a bit complicated and I went to see if I could use multiple break statements within a single case clause. Turn out, this totally works in ColdFusion... read more →