[JavaScript] URLを文字列結合で組み立てないために、url-cheatsheetを作った
[JavaScript] URLを文字列結合で組み立てないために、url-cheatsheetを作った URLを文字列結合で組み立てると色々問題が起きやすいので、それを避けるためにURL APIやURLSearchParams APIでURLを組み立てるパターンをまとめたチートシートを作りました。 azu/url-cheatsheet: URL manipulation cheatsheet for JavaScript URLにユーザーが入力した文字列を含めるときはencodeURIComponentでエスケープする URLはプレーンな文字列ではなく構造化された文字列(文字の並びに意味がある文字列)として扱わないと、さまざまな問題を抱えやすいです。 たとえば、次のように文字列結合でURLを組み立てるとパストラバーサルの問題があります。 name に ../../adminのような文字列が
![[JavaScript] URLを文字列結合で組み立てないために、url-cheatsheetを作った](https://cdn-ak-scissors.b.st-hatena.com/image/square/8e5439b69c83b50834bd0c07600f1b23fd865e34/backend=imagemagick;height=288;version=1;width=512/https%3A%2F%2Fefcl.info%2Fpublic%2Ffavicon.png)
ECMAScript proposal: iterator helpers
Update 2022-12-15: New section “How will this proposal affect future JavaScript APIs?” In this blog post, we look at the ECMAScript proposal “Iterator helpers” by Gus Caplan, Michael Ficarra, Adam Vandolder, Jason Orendorff, Kevin Gibbons, and Yulia Startsev. It introduces utility methods for working with iterable data: .map(), .filter(), .take(), etc. The style of the proposed API clashes with th
Building data-centric apps with a reactive relational database
Building apps is too hard. Even skilled programmers who don’t specialize in app development struggle to build simple interactive tools. We think that a lot of what makes app development hard is managing state: reacting and propagating changes as the user takes actions. We’re exploring a new way to manage data in apps by storing all app state—including the state of the UI—in a single reactive datab
Speeding up the JavaScript ecosystem - one library at a time
Whilst the trend is seemingly to rewrite every JavaScript build tool in other languages such as Rust or Go, the current JavaScript-based tools could be a lot faster. The build pipeline in a typical frontend project is usually composed of many different tools working together. But the diversification of tools makes it a little harder to spot performance problems for tooling maintainers as they need
Working with Zustand
Global (client) state management wasn't always like it is today. I distinctly remember a time when our best option was Redux with higher order components using connect plus mapStateToProps and mapDispatchToProps. Even the context api, initially, wasn't as ergonomic to use (pun intended), as it only supported render props when it came out. Of course, everything changed when hooks were released. Not
LernaとGithub Actionsでmonorepoライブラリのリリースを楽にする - Link and Motivation Developers' Blog
プラットフォームチームの菊池です。 弊社ではフロントエンドの共通コードを社内ライブラリにして開発しています。 https://link-and-motivation.hatenablog.com/entry/2022/08/10/152852 しかしライブラリのリリースが手動で行われていたため、問題が起きていました。 今回はリリース自動化にあたって、採用した方針と方法について紹介したいと思います。 背景 現状のリリースフローは以下のようになっていました。 リリース作業者がローカルでビルドする リリース作業者がローカルでバージョンを打つ リリース作業者がローカルから社内npmレジストリ(Github Packages)にpublishする 実際のコマンドとしてはこのような感じです。 # ビルドする yarn build # 新しいバージョンを打つ yarn version # npmレジスト
個人ブログの Next.js v13 移行でやったことまとめ
Next.js v13 への移行でやったことまとめ 準備 基礎となる記事に目を通した -> https://zenn.dev/link/comments/eefa4975aaedaf マイグレーションガイドを見て一つずつ対応しようかなと思ったけど、記事が長いのでnext devで動かして出てきたエラーを潰していく方法にした。とりあえずビルドできるようになったら、見落としやより良いやり方があるか確認するために読む。 ページコンポーネントに対して pages にあるファイルを app ディレクトリに移動させる 規約 通りに page と layout にコンポーネントを分割する getServerSideProps の処理をasync function getData() に変更する コンポーネントを async 関数にする props ではなくコンポーネントの中でgetData()の返り値を
What is a realm in JavaScript?
What is a realm in JavaScript? 28 Oct 2022 As part of my long term research around browser JavaScript security, in the past year I have been focusing specifically on security for realms ⭐️. Due to the rise of dependencies-based development, the JavaScript ecosystem (and the browser JavaScript ecosystem in particular) is far more vulnerable to what we know as “supply chain attacks” - and the abilit
Ladybird: A new cross-platform browser project
This post describes the Ladybird browser, based on the LibWeb and LibJS engines from SerenityOS. Since starting the SerenityOS project in 2018, my goal has been “to build a complete desktop operating system to eventually use as my daily driver”. What started as a little therapy project for myself has blossomed into a huge OSS community with hundreds of people working on it all over the world. We’v
Why We're Breaking Up with CSS-in-JS
Hi, I'm Sam — software engineer at Spot and the 2nd most active maintainer of Emotion, a widely-popular CSS-in-JS library for React. This post will delve into what originally attracted me to CSS-in-JS, and why I (along with the rest of the Spot team) have decided to shift away from it. We'll start with an overview of CSS-in-JS and give an overview of its pros & cons. Then, we'll do a deep dive int
Qwikの基本概念である Resumable を理解する
この記事は Cloudflare Workers and micro-frontends: made for one another のブログを理解するためのに Qwik の基本的な概念について理解することを目的とした記事です。 上記ブログに関しては、@laiso さんがわかりやすく解説してくれています。 本記事が、これらの記事やブログを読んで Qwik に付いて深堀りしたくなった方のお役に立てれば幸いです。 また、後日私の方でも、上記記事の解説や補足を何かしらの方法でまとめたいと思っています。 2022/10/26 追記 上の宣言通り、スクラップにまとめました。 What is Qwik ? Qwikは builder.io によって作られた、フロントエンドライブラリです。 SSRをデフォルトとし、Cloudflare Workers などでのエッジレンダリングにも対応しています。 js
JavaScript metaprogramming with the 2022-03 decorators API
More information on the syntax and semantics of decorators (optional section) # (This section is optional. If you skip it, you can still understand the remaining content.) The syntax of decorator expressions # A decorator expression starts with a chain of one or more identifiers, separated by dots. Each identifier except the first one can be private (prefix #). Square brackets [] are not allowed
Fastest Frontend Tooling in 2022
First published on October 3, 2022, updated on March 26, 2026 I tried tons of frontend tools this year in my pursuit to optimize my Developer Experience. I published an incredibly fast minimal template with sensible defaults which you can use to quickly spin up new projects: cpojer/vite-ts-react-tailwind-template. This is not a does-it-all starter kit. The template comes with the essential tools f
Building secure web apps using Web Workers | Mercari Engineering
Security is paramount for our users, and we at mercari strive to provide a snappy and safe platform. We recently introduced an additional layer of defence by adding Web Workers to secure the access token. It now protects the users from various kinds of attacks, including token theft from Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), prototype pollution, zero-day npm package vulner
Optimize long tasks | Articles | web.dev
Published: September 30, 2022, Last updated: December 19, 2024 Common advice for keeping JavaScript apps fast tends to boil down to the following advice: "Don't block the main thread." "Break up your long tasks." This is great advice, but what work does it involve? Shipping less JavaScript is good, but does that automatically equate to more responsive user interfaces? Maybe, but maybe not. To unde
The Basics of Remix | CSS-Tricks
You’ve probably heard a lot of hype around one of the newest kids on the framework block, Remix. It may be surprising that it got its start back in 2019, but it was originally only available as a subscription-based premium framework. In 2021, the founders raised seed funding and open sourced the framework to let users start using Remix for free. The floodgates opened and everyone seems to be talki
リリース、障害情報などのサービスのお知らせ
最新の人気エントリーの配信
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
Web Performance APIs Appreciation Post
Lerna and Turborepo with Gitlab CI/CD
First-class Vite support in Storybook
Font Family and @supports