Digging for SSRF in NextJS appsAt Assetnote, we encounter sites running NextJS extremely often; in this blog post we will detail some common misconfigurations we find in NextJS websites, along with a vulnerability we found in the framework.
ECMAScript 2023 feature: symbols as WeakMap keys
In this blog post, we take a look at the ECMAScript 2023 feature “Symbols as WeakMap keys” – which was proposed by Robin Ricard, Rick Button, Daniel Ehrenberg, Leo Balter, Caridy Patiño, Rick Waldron, and Ashley Claymore. What are WeakMaps good for? # The key ability of a WeakMap is to associate data with a value: The value is the key of a WeakMap entry. The data is the value of that entry. Consi
ECMAScript 2024 feature: `Promise.withResolvers()`
In this blog post we take a look at the ECMAScript 2024 feature “Promise.withResolvers” (proposed by Peter Klecha). It provides a new way of directly creating Promises, as an alternative to new Promise(...). new Promise(...) – the revealing constructor pattern # Before Promise.withResolvers(), there was only one way to create Promises directly – via the following pattern: const promise = new Prom
MoonBit adds JS backend, up to 25x faster than native JS | MoonBit
When MoonBit officially launched in August 2023, our critical mission was unleashing the potential of WebAssembly in cloud and edge computing as a Wasm-first programming language and toolchain. By integrating the essence of Rust and Go, MoonBit has not only achieved simplicity and usability in design but also been equipped with a robust fault-tolerant type system. At the same time, MoonBit is work
HTML attributes vs DOM properties
Attributes and properties are fundamentally different things. You can have an attribute and property of the same name set to different values. For example: <div foo="bar">…</div> <script> const div = document.querySelector('div[foo=bar]'); console.log(div.getAttribute('foo')); // 'bar' console.log(div.foo); // undefined div.foo = 'hello world'; console.log(div.getAttribute('foo')); // 'bar' consol
How we built JSR
We recently launched the JavaScript Registry - JSR. It’s a new registry for JavaScript and TypeScript designed to offer a significantly better experience than npm for both package authors and users: It natively supports publishing TypeScript source code, which is used to auto-generate documentation for your package It’s secure-by-default, supporting token-less publishing from GitHub Actions and pa
Object Structure in JavaScript Engines
Object Structure in JavaScript EnginesFrom a developer's perspective, objects in JavaScript are quite flexible and understandable. We can add, remove, and modify object properties on our own. However, few people think about how objects are stored in memory and processed by JS engines. Can a developer's actions, directly or indirectly, impact performance and memory consumption? Let's try to delve i
JavaScript engine fundamentals: Shapes and Inline Caches · Mathias Bynens
This article describes some key fundamentals that are common to all JavaScript engines — and not just V8, the engine the authors (Benedikt and Mathias) work on. As a JavaScript developer, having a deeper understanding of how JavaScript engines work helps you reason about the performance characteristics of your code. Note: If you prefer watching a presentation over reading articles, then enjoy the
The V8 Sandbox · V8
After almost three years since the initial design document and hundreds of CLs in the meantime, the V8 Sandbox — a lightweight, in-process sandbox for V8 — has now progressed to the point where it is no longer considered an experimental security feature. Starting today, the V8 Sandbox is included in Chrome's Vulnerability Reward Program (VRP). While there are still a number of issues to resolve be
GitHub - tc39/proposal-signals: A proposal to add signals to JavaScript.
Stage 1 (explanation) TC39 proposal champions: Daniel Ehrenberg, Yehuda Katz, Jatin Ramanathan, Shay Lewis, Kristen Hewell Garrett, Dominic Gannaway, Preston Sego, Milo M, Rob Eisenberg Original authors: Rob Eisenberg and Daniel Ehrenberg This document describes an early common direction for signals in JavaScript, similar to the Promises/A+ effort which preceded the Promises standardized by TC39 i
lamplightdev - Streaming HTML out of order without JavaScript
Updated Sep 29 2024 to add further information about support in Safari, and updated information about support in Firefox. Let's start with a demo: https://ooo.lamplightdev.workers.dev: This is a simple page that renders a list of 10 items. Try it with and without JavaScript enabled in your browser. There's a few things to notice: The 'app shell' renders first - you see the header and the footer, b
Expressive Code
Present your source code on the web, making it easy to understand and visually stunning. All batteries included!
Introducing JSR - the JavaScript Registry
Modules are published to JSR as TypeScript source code. API documentation generation, type declarations for Node-like environments, and transpilation are all handled by JSR. Module authors can focus on writing TypeScript only. Read on for more context on how and why we built JSR, how you can use it today, and how you can be involved in the project! Introducing JSR - the slightly longer version Jav
lorenzofox blog | Coroutines and web components
In the previous article we learned what coroutines are and saw some patterns they can help implement. In this article, we will see how coroutines can be used to model web components in a different way, and why you might like it. Rendering loop Among other things, coroutines have a few properties that we will use in this short essay: They are primarily functions and can benefit from the whole funct
WebPerf Snippets – Nextra
WebPerf Snippets A curated list of snippets to get Web Performance metrics to use in the browser console or as snippets on Chrome DevTools (opens in a new tab). How to use Requirements All the snippets are tested in Google Chrome (opens in a new tab) browser, so use this browser to garantize the correct funcionality. Run in the browser console You can copy any snippet and then paste in the browser
リリース、障害情報などのサービスのお知らせ
最新の人気エントリーの配信
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
Home | Pintora
GitHub - LavaMoat/LavaDome: Secure DOM trees isolation and encapsulation leveraging ShadowDOM
GitHub - tinylibs/tinyspy: 🕵🏻♂️ minimal fork of nanospy, with more features
HTML Standard
GitHub - thepassle/swtl: A Service Worker Templating Language (swtl) for component-like templating in service workers. Streams templates to the browser as they're being parsed, and handles rendering iterables/Responses in templates by default.
