CircleUp

In the Summer of 2014, I received an offer for an internship, but I had practically no idea what the company was all about. After all, I had never even heard of the name CircleUp in my life. The name didn’t help either — CircleUp doesn’t tell me anything about what the company does. However, in the end, it didn’t matter. No matter what the company did, the people who worked there gave me an amazing experience I’ll never forget.

At the time I interned there, CircleUp was a rather small company. I think that I could have counted the number of engineers there on one hand. However, being in that close of an environment with so few people meant that I got a lot of freedom with the work I did.

The Community Page

One of the biggest things I did at CircleUp was to help build a new section of the website from the ground-up: the community page. There was a desire to create a sort of native blogging platform on our website, but there were a few details that had to be handled.

  1. Would we be doing it from scratch?
  2. If not from scratch, what service would we be using?
  3. How could we make the experience feel uniquely native to our site?

Given that the problem of “a blogging platform” has been solved so many times before, it seemed like a no-brainer to use something that was already out there. However, what would be suitable for use? It had to be richly featured, but not too constraining.

After researching the available options, we settled on using Prismic.io for our content management system. There was a very good reason for this — Prismic.io offered a unique take on content management presentation. Instead of displaying all of the content on their website, they provide an API through which content can be fetched on demand. That way, for example, we can have users select a category of articles to display in a way that makes sense for our platform. Not to mention, Prismic.io’s content management tools are top notch. The editor feels slick, and the resources are well-organized.

Prismic.io’s dashboard.

With the CMS decided, all that was left for me was to figure out how to integrate the API into our site. This required careful reading of the documentation and ensuring that the API would play nice with what content we already had. There were a few challenges, like pagination and tag selection, but overall Prismic.io’s quality as a platform made the process very smooth.

Security

One other thing I did at CircleUp worth mentioning is tighten up their security. Coming into this internship, I knew almost nothing about web security. However, one of the employees very helpfully mentored me through the process, and even provided some fantastic resources for me to learn on my own.

Let’s talk about one of the biggest issues we found, cross-site scripting (XSS). The root of this problem is trusting user input. Typically, on a website, JavaScript can be run through any <script> tag. Let’s say then, for example, that you have a comments section somewhere in your website. What if a naughty user decides to write their own <script> tag into that section? Without the proper precautionary steps, you could be allowing any user to run arbitrary JavaScript in the browser of every other user who visits that page.

How did we solve this problem? Since the root of the problem lies with user input, we decided to carefully sanitize all user input. This meant scanning user input before it is recorded into the database for any potential vulnerabilities, like script tags and even <img> tags, since those can be cleverly used to carry out an XSS attack.
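As an added illustration (not CircleUp’s actual code), here is one way to sanitize comment text before storing it. Instead of scanning for specific dangerous tags, this sketch escapes everything and then restores only a small allowlist of attribute-free tags; the function names and the allowlist are assumptions made for the example.

```javascript
// Added example: allowlist sanitizer for comment text (all names are hypothetical).
const ALLOWED_TAGS = new Set(["b", "i", "em", "strong", "p", "br"]);

// Escape every character that has meaning in HTML, so the input becomes inert text.
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Escape first, then restore only bare allowlisted tags.
// A tag carrying any attribute (onerror, onclick, src, ...) never matches
// the pattern below, so it stays escaped and is displayed as plain text.
function sanitizeComment(input) {
  const escaped = escapeHtml(input);
  return escaped.replace(/&lt;(\/?)([a-zA-Z]+)&gt;/g, (match, slash, name) => {
    const tag = name.toLowerCase();
    return ALLOWED_TAGS.has(tag) ? `<${slash}${tag}>` : match;
  });
}

// Constructed sample comments: one harmless, two carrying markup
// of the kind the post describes (<script> and <img>).
function demo() {
  const samples = [
    "Great <b>post</b>!",
    "<script>alert(1)</script>",
    '<img src=x onerror="alert(1)">',
  ];
  return samples.map(sanitizeComment);
}

console.log(demo());
```

Because the allowlist is applied after escaping, anything the sanitizer does not explicitly recognize stays inert, which is safer than trying to enumerate every tag that could be abused.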

Conclusion

All in all, my internship at CircleUp was a great experience. I feel like the mixture of a close-knit team (not too small and not too big) and using techniques and technology I’ve never used before allowed me to learn a lot of valuable things in record time. Thanks to having done the internship, I am now extremely comfortable with web technologies.
