69 comments

[ 4.1 ms ] story [ 154 ms ] thread
On the one hand: this is pretty cheap marketing tactics; on the other hand: Yay, free book! :)
Smart. The book isn't bad, either; I saved my copy.
Just make sure you use a throw-away email address... Sitepoint will spam you like crazy. No such thing as a free lunch :-)
Thought so myself, so I used mailinator. The book looks cute, though, despite my unfettered hatred for the Ninja term (don't get me wrong, I lurve ninjas, but programmers are neither Japanese assassins nor famous musicians).

Rather generious formatting, though. Printed, this would be one of those books that could've been done with half the pages and still be as readable. (And for online reading, who needs margins and reference sections?)

As a Sitepoint subscriber for about 5 years now, no they don't.
I don't subscribe, but I've given them my email a handful of times to receive free samples of books. (They're extremely generous with this. In a couple of cases, they sent easily half a book as a free sample.)

My experience has been that they're on the low-volume end of the "we have your email" spectrum. Not nothing, but not hideous.

Glad to hear you feel this way. Spam is not good. Thanks! Jen (sitepoint.com)
I've subscribed to their forums with an email that I link to them, so I know for a fact that they spam. They also write articles that are really paid for ads, so the shady meter for sitepoint.com is over toward the orange side of the scale... but, you know... you gotta make money I guess.
Do you have 'Receive Email from Administrators' enabled on your account? I do, which is I assume why they occasionally email offers and is also why I don't consider them spammers. I do agree with you that their content has slipped in recent years though.
(comment deleted)
Thats not as big of a problem, as if; the Adobe pdf they sent has security violations.
Better yet, just go to mailinator and check the "sitepoint" inbox. There's already 3 links sent there, thanks to the efforts of others!
Having looked at their bracket I kind of wish France or Germany had won.
France was gone after the group stages. I don't think they assigned any book to France ?!
you're right, I'm an idiot and was looking at the Netherlands flag.
Not France! They hand balled us out
not to worry, france got their karma :), they were sucks this world cup
I'm guessing there could be a lot of promotions today across the net where the format/justification is: "Because <whoever-doesn't-really-matter> won, then <something> is <free-or-on-sale>"

not that that is a bad thing

So where do we find out if Amelia said yes?

look in the dedications section, and you'll see what I mean...

She did. Check out the Sitepoint podcast where they interview the book's authors.
It would suck to have that proposal in print if she said no. Talk about a constant reminder.
Earl was more worried that she wouldn't read it!
Interesting book, I just wish it didn't use the .html() function that much, especially the .html(externalInput) pattern - it's a great way to open XSS (cross-site scripting) vulnerabilities on your page unless you're very careful and the author apparently doesn't warn the reader to be careful.
Could you elaborate on this or point me to a site that explains the security risks?

For my product, I have a web app that does 100% of the rendering in Javascript so I use html() a lot. I adhere by the rule that I don't trust anything that comes from the client so I'm curious to learn what the security problem may be.

Thanks.

Thanks for the link but I really don't see anywhere where it says using something like html() would be a greater risk. The rule of thumb is to sanitize information from untrusted sources. And as long as you adhere to this rule, I really don't see how using html() would pose a security threat. That is unless I'm missing something?
I think the suggestion is that programmatically creating specific DOM nodes is safer than handing the library a string containing user input and hoping that the browser doesn't interpret it in a way that corrupts the DOM.
I certainly agree with this but I think it's misleading to say it increases your chances for xss security threats. I can see it increasing the chances of having a webpage not behave properly across all browsers though.
Say some "<script>do_bad_stuff();</script>" got through from some source you just expected to have text. (e.g. this happened for youtube the other day)

If you insert this into the DOM with html(), it will execute the script, doing bad things. If you insert it into the dom with e.g. text(), it won't be interpreted.

You don't even need a script tag. Any tag with event attributes will work, e.g. <span onmouseover="alert('XSS')">Hello World!</span>
You can do the filtering either on input or output (or both if you want to be very careful). Both works, however I prefer filtering on output because (a) if a new way to conduct an XSS attack is discovered, I only need to update code, not data; (2) if tomorrow HTML gets replaced by a hypothetical future document format, I would need to refilter all my data if I only filter at input.
The email address you enter won't matter. Just put in any valid email address you want and then visit http://sale.sitepoint.com/claimpdf.php?email= with the email address you entered appended to the end.
Their email address validator is broken anyway. It doesn't support host names with subdomains such as foobar@foo.bar.org At least it supports addresses such as foo.bar@foobar.org
And foo.bar+sitepoint@foobar.org.
Thanks for the info, just don't forget that you can always use a disposable email address!!! (ah-hem whyspam.me)
I guess I'm not making myself popular with saying this, but why is it that when somebody offers something for free you still find yourself compelled to subvert the one thing they ask from you? They give you something you (supposedly) value yet you still try to screw these people out of something that costs you very little. I guess you're going to whine about spam now, but come on, do you really think these people are trawling email addresses for viagra spam by giving away jquery ebooks? And if (I don't know if they will, just if) they ever send you an email, you click the unsubscribe link and off you go. I'd say that this is a small price to pay for (again) something that has at least some value to you.

(This has become a pet peeve of mine since we started offering a free tool that is valuable to many people and for which the commercial alternatives cost thousands of dollars. We ask name and affiliation to get a feel for our user base, people who usually just download and are never heard from again. Most people just fill it in, but every now and then there's some smartass who feels it's necessary to fill in "asdfasdf". I don't do email address validation either, I know it's impossible to check anyway. Show a little respect for what others are GIVING you for FREE).

Your definition of FREE is way off. Having worked for online marketing companies for years, I can tell you that exchanging your email address for something is far from free. You are essentially signup up for a never ending deluge of spam.

Of course, not everyone who asks for your email address is going to sell it to spammers, but enough are that it merits caution.

Fine if you want to play semantic games, let's say it's not free because they require your email address. How does that make it OK to provide a fake one? The deal is: you get the ebook in return for your email address. Either you take it or leave it, you don't take what is offered and then return nothing. The level of denial and cognitive dissonance in your answer is mind boggling, how can you justify what is plainly breaking your end of the deal on an offer that is already very reasonable?
I gave them my email with a plus sign in it, and I was surprised that the web form accepted it and I got the email. However, clicking on the link they emailed me, which had my email (and therefore the plus sign) in the url, broke their site and just sent me back to TFA. Nice bugs guys.
(comment deleted)
I bet it will work if you replace the + in the URL with %2B.
Has anyone read this, and would make the recommendation.
(comment deleted)
Amazon has nice reviews of this book. Thanks for doing this.
I had already purchased this book, but it will still be nice to have a PDF version. Thanks SitePoint!
You're welcome! Jen (sitepoint.com)
Skimming through the book, it is clearly written and starts with small steps for the JQuery beginner. I'm not sure how someone with no Javascript would fare. But for someone who has been using JQuery for a while it's worth about 5 minutes of skimming.
<a href="http://www.didtrade.com/><strong>www.didtrade.co... Online sell fashion goods,Accept PayPal.cheap replica fashion goods for sale from china free shipping</strong></a><br /> <a href="http://www.didtrade.com/><strong>Replica Children-suit free shipping</strong></a><br /> <a href="http://www.didtrade.com/><strong>Replica t-shirts free shipping</strong></a><br /> <a href="http://www.didtrade.com/><strong>Replica Children-coat free shipping</strong></a><br /> <a href="http://www.didtrade.com/><strong>Replica Children-pants free shipping</strong></a><br /> <a href="http://www.didtrade.com/><strong>Replica Children-tops free shipping</strong></a><br /> <a href="http://www.didtrade.com/><strong>Replica Children shoes free shipping</strong></a><br /> <a href="http://www.didtrade.com/><strong>Replica children-boot free shipping</strong></a><br /> <a href="http://www.didtrade.com/><strong>Replica UGG boots free shipping</strong></a><br /> <a href="http://www.didtrade.com/><strong>Replica Edhardy boots free shipping</strong></a><br /> <a href="http://www.didtrade.com/><strong>Replica LV boots free shipping</strong></a><br /> <a href="http://www.didtrade.com/><strong>Replica DG boots free shipping</strong></a><br /> <a href="http://www.didtrade.com/><strong>Replica Gucci boots free shipping</strong></a><br /> <a href="http://www.didtrade.com/><strong>Replica chanel boots free shipping</strong></a><br /> <a href="http://www.didtrade.com/><strong>Replica fendi boots free shipping</strong></a><br /> <a href="http://www.didtrade.com/><strong>Replica Tou`s boots free shipping</strong></a><br /> <a href="http://www.didtrade.com/><strong>Replica Versace boots free shipping</strong></a><br /> <a href="http://www.didtrade.com/><strong>Replica coach boots free shipping</strong></a><br /> <a href="
Hi - It's Jen from SitePoint, here. Glad to hear you guys are enjoying the free copy of jQuery:Novice to Ninja!

As for marketing emails, we always include an "unsubscribe" link. SitePoint will never sell your email address or your information.

Enjoy the freebie!

A nice checkbox 'send me marketing upates' below the email entry box would be really nice. These days most people appreciate an opt-in experience to opt-out.
I actually think that if you're getting a free book out of it, the publisher should be able to get at least one marketing e-mail to you before you decide not to see any more of their offers ...
Isn't marketing about getting your product in the customer's hands? Your product should be able to handle it from there.
Well I thought hacker news was one place I could visit without World cup spoilers. How wrong I was. Well that's ruined my morning.
it comes in pdf/kindle/[nook] formats. very very nice. thank you. Now who won? and what?

just kidding. I've very happy Spain won.

this is awesome. can't wait to read it!
got 9 spam emails a few minutes after signing up for this. way to go superduper.