CVE-2024-4367 - Arbitrary JavaScript execution in PDF.js — Codean Labs
This post details CVE-2024-4367, a vulnerability in PDF.js found by Codean Labs. PDF.js is a JavaScript-based PDF viewer maintained by Mozilla. This bug allows an attacker to execute arbitrary JavaScript code as soon as a malicious PDF file is opened. This affects all Firefox users (<126) because PDF.js is used by Firefox to show PDF files, but also seriously impacts many web- and Electron-based a
ECMAScript 2023 feature: symbols as WeakMap keys
In this blog post, we take a look at the ECMAScript 2023 feature “Symbols as WeakMap keys” – which was proposed by Robin Ricard, Rick Button, Daniel Ehrenberg, Leo Balter, Caridy Patiño, Rick Waldron, and Ashley Claymore. What are WeakMaps good for? # The key ability of a WeakMap is to associate data with a value: The value is the key of a WeakMap entry. The data is the value of that entry. Consi
ECMAScript 2024 feature: `Promise.withResolvers()`
In this blog post we take a look at the ECMAScript 2024 feature “Promise.withResolvers” (proposed by Peter Klecha). It provides a new way of directly creating Promises, as an alternative to new Promise(...). new Promise(...) – the revealing constructor pattern # Before Promise.withResolvers(), there was only one way to create Promises directly – via the following pattern: const promise = new Prom
HTML attributes vs DOM properties
Attributes and properties are fundamentally different things. You can have an attribute and property of the same name set to different values. For example: <div foo="bar">…</div> <script> const div = document.querySelector('div[foo=bar]'); console.log(div.getAttribute('foo')); // 'bar' console.log(div.foo); // undefined div.foo = 'hello world'; console.log(div.getAttribute('foo')); // 'bar' consol
How we built JSR | Deno
We recently launched the JavaScript Registry - JSR. It’s a new registry for JavaScript and TypeScript designed to offer a significantly better experience than npm for both package authors and users: It natively supports publishing TypeScript source code, which is used to auto-generate documentation for your package It’s secure-by-default, supporting token-less publishing from GitHub Actions and pa
Object Structure in JavaScript Engines
Object Structure in JavaScript EnginesFrom a developer's perspective, objects in JavaScript are quite flexible and understandable. We can add, remove, and modify object properties on our own. However, few people think about how objects are stored in memory and processed by JS engines. Can a developer's actions, directly or indirectly, impact performance and memory consumption? Let's try to delve i
JavaScript engine fundamentals: Shapes and Inline Caches · Mathias Bynens
This article describes some key fundamentals that are common to all JavaScript engines — and not just V8, the engine the authors (Benedikt and Mathias) work on. As a JavaScript developer, having a deeper understanding of how JavaScript engines work helps you reason about the performance characteristics of your code. Note: If you prefer watching a presentation over reading articles, then enjoy the
The V8 Sandbox · V8
After almost three years since the initial design document and hundreds of CLs in the meantime, the V8 Sandbox — a lightweight, in-process sandbox for V8 — has now progressed to the point where it is no longer considered an experimental security feature. Starting today, the V8 Sandbox is included in Chrome's Vulnerability Reward Program (VRP). While there are still a number of issues to resolve be
GitHub - tc39/proposal-signals: A proposal to add signals to JavaScript.
Stage 1 (explanation) TC39 proposal champions: Daniel Ehrenberg, Yehuda Katz, Jatin Ramanathan, Shay Lewis, Kristen Hewell Garrett, Dominic Gannaway, Preston Sego, Milo M, Rob Eisenberg Original authors: Rob Eisenberg and Daniel Ehrenberg This document describes an early common direction for signals in JavaScript, similar to the Promises/A+ effort which preceded the Promises standardized by TC39 i
lamplightdev - Streaming HTML out of order without JavaScript
Updated Sep 29 2024 to add further information about support in Safari, and updated information about support in Firefox. Let's start with a demo: https://ooo.lamplightdev.workers.dev: This is a simple page that renders a list of 10 items. Try it with and without JavaScript enabled in your browser. There's a few things to notice: The 'app shell' renders first - you see the header and the footer, b
Expressive Code
Present your source code on the web, making it easy to understand and visually stunning. All batteries included!
リリース、障害情報などのサービスのお知らせ
最新の人気エントリーの配信
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
GitHub - grucloud/bau: Reactive library and components for building web user interface
Digging for SSRF in NextJS apps
Home | Pintora
MoonBit adds JS backend, up to 25x faster than native JS | MoonBit
GitHub - LavaMoat/LavaDome: Secure DOM trees isolation and encapsulation leveraging ShadowDOM
GitHub - tinylibs/tinyspy: 🕵🏻♂️ minimal fork of nanospy, with more features
HTML Standard
Introducing JSR - the JavaScript Registry | Deno
GitHub - thepassle/swtl: A Service Worker Templating Language (swtl) for component-like templating in service workers. Streams templates to the browser as they're being parsed, and handles rendering iterables/Responses in templates by default.
