はじめに 対象イベント 読み方、使い方 Remote Code Execution(RCE) 親ディレクトリ指定によるopen_basedirのバイパス PHP-FPMのTCPソケット接続によるopen_basedirとdisable_functionsのバイパス JavaのRuntime.execでシェルを実行 Cross-Site Scripting(XSS) nginx環境でHTTPステータスコードが操作できる場合にCSPヘッダーを無効化 GoogleのClosureLibraryサニタイザーのXSS脆弱性 WebのProxy機能を介したService Workerの登録 括弧を使わないXSS /記号を使用せずに遷移先URLを指定 SOME(Same Origin Method Execution)を利用してdocument.writeを順次実行 SQL Injection MySQ
ContentsHTMLCSSWeb APIsJavaScriptWeb AppsMediaPrivacySecurityWKWebViewSafari Web ExtensionsWeb InspectorFeedbackAnd More With over 70 additions to WebKit, Safari 15.4 is packed with new web technologies, updates, and fixes. We’ve assembled a huge release as part of our commitment to web developers, and the people who use the web. This is the first big WebKit release of 2022, and we’re just getting
REST API Design Best Practices Handbook – How to Build a REST API with JavaScript, Node.js, and Express.js
By Jean-Marc Möckel I've created and consumed many API's over the past few years. During that time, I've come across good and bad practices and have experienced nasty situations when consuming and building API's. But there also have been great moments. There are helpful articles online which present many best practices, but many of them lack some practicality in my opinion. Knowing the theory with
LogLog Games
The article is also available in Chinese. Disclaimer: This post is a very long collection of thoughts and problems I've had over the years, and also addresses some of the arguments I've been repeatedly told. This post expresses my opinion the has been formed over using Rust for gamedev for many thousands of hours over many years, and multiple finished games. This isn't meant to brag or indicate su
Piccolo - A Stackless Lua Interpreter 2024-05-01 History of piccolo A "Stackless" Interpreter Design Benefits of Stackless Cancellation Pre-emptive Concurrency Fuel, Pacing, and Custom Scheduling "Symmetric" Coroutines and coroutine.yieldto The "Big Lie" Rust Coroutines, Lua Coroutines, and Snarfing Zooming Out piccolo is an interpreter for the Lua language written in pure, mostly safe Rust with a
Highlights This is a summary of the significant changes, both breaking and non-breaking, you need to know about when upgrading from ESLint v8.x to ESLint v9.0.0. Installing Because this is a major release, you may not automatically be upgraded by npm. To ensure you are using this version, run: npm i eslint@9.0.0 --save-dev Copy code to clipboard Migration Guide As there are a lot of changes, we’ve
WebGPU is an upcoming Web API that gives you low-level, general-purpose access GPUs. I am not very experienced with graphics. I picked up bits and bobs of WebGL by reading through tutorials on how to build game engines with OpenGL and learned more about shaders by watching Inigo Quilez do amazing things on ShaderToy by just using shaders, without any 3D meshes or models. This got me far enough to
Jun 9, 2025 by Jen Simmons, Saron Yitbarek, Jon Davis, Richard Robinson, Eddy Wong, Brandel Zachernuk, Marcos Cáceres, Tim Nguyen, Daniel Liu, Razvan Caliman, Blaze Burg, Qianlang Chen, Brian Weinstein, Aditya Keerthi, Karl Dubost, David Johnson, Luming Yin ContentsSVG IconsEvery site can be a web app on iOS and iPadOSHDR ImagesWebKit in SwiftUI<model> on visionOSImmersive video and audio on visio
Local-first software: You own your data, in spite of the cloud
Cloud apps like Google Docs and Trello are popular because they enable real-time collaboration with colleagues, and they make it easy for us to access our work from all of our devices. However, by centralizing data storage on servers, cloud apps also take away ownership and agency from users. If a service shuts down, the software stops functioning, and data created with that software is lost. In t
25th May 2025 Anthropic publish most of the system prompts for their chat models as part of their release notes. They recently shared the new prompts for both Claude Opus 4 and Claude Sonnet 4. I enjoyed digging through the prompts, since they act as a sort of unofficial manual for how best to use these tools. Here are my highlights, including a dive into the leaked tool prompts that Anthropic did
I’m a fairly frequent Hacker News lurker, especially when I have some other important task that I’m avoiding. I normally head to the Active page (lots of comments, good for procrastination) and pick a nice long discussion thread to browse. So over time I’ve ended up with a good sense of what topics come up a lot. “The Bay Area is too expensive.” “There are too many JavaScript frameworks.” “Bootcam
--- name: skill-creator description: Guide for creating effective skills. This skill should be used when users want to create a new skill (or update an existing skill) that extends Claude's capabilities with specialized knowledge, workflows, or tool integrations. license: Complete terms in LICENSE.txt --- # Skill Creator This skill provides guidance for creating effective skills. ## About Skills S
WebKit Features for Safari 26.2
Safari 26.2 is a big release. Packed with 62 new features, this release aims to make your life as a web developer easier by replacing long-standing frustrations with elegant solutions. You’ll find simpler ways to create common UI patterns with just a few lines of HTML or CSS, and no JavaScript — like auto-growing text fields with CSS field-sizing, and buttons that open/close dialogs and popovers w
Part of my job is to make JavaScript things go fast. Speed is a feature, and when working in an interpreted language, squeezing every last bit of performance can be the difference between a great product and unusable garbage. Anyway, how cool would it be to make JavaScript itself go faster? I’m not a C++ programmer, but that didn’t stop me before, so I thought I’d give it a try anyway! The objecti
C interpreters are a common language implementation technique and the basis for the reference implementations of languages such as Lua, Ruby, and Python. Unfortunately, C interpreters are slow, especially compared to language implementations powered by JIT compilers. In this post I’m going to show that it is possible to take C interpreters and, by changing a tiny proportion of code, automatically
React Best Practices – Tips for Writing Better React Code
By Jean-Marc Möckel Two years ago, I started to learn and use React. And today I'm still using it at my day job as a Software Developer and in my own side projects. During that time I've come across a lot of "typical" issues. So I searched around and found some best practices that I've integrated into my workflow, and I've come up with things that have made my life or my team members' lives easier
WebKit Features in Safari 26.0
Sep 15, 2025 by Jen Simmons, Saron Yitbarek, Jon Davis, Tim Nguyen, Blaze Burg, Marcos Cáceres, Razvan Caliman, Qianlang Chen, Karl Dubost, Kiet Ho, David Johnson, Aditya Keerthi, Daniel Liu, Keith Miller, Abrar Rahman Protyasha, Richard Robinson, Kiara Rose, Ahmad Saleem, Anne van Kesteren, Brian Weinstein, Eddy Wong, Luming Yin, Brandel Zachernuk ContentsCSSEvery site can be a web app on iOS and
Bullshit Jobs
Notes: ISBN 978-1-5011-4331-1, ISBN 978-1-5011-4334-2 (ebook); Most names and many identifying characteristics have been changed.; Interior design by Carly Loman; Jacket design by David L Itman To anyone who would rather be doing something useful with themselves. Preface: On the Phenomenon of Bullshit Jobs In the spring of 2013, I unwittingly set off a very minor international sensation. It all be
Automated tests are important. Without them, programmers waste a huge amount of time manually checking and fixing their code. Unfortunately, many automated tests also waste a huge amount of time. The easy, obvious way to write tests is to make broad tests that are automated versions of manual tests. But they’re flaky and slow. Folks in the know use mocks and spies (I say “mocks” for short in this
GitHub - ComfyUI-Workflow/awesome-comfyui: A collection of awesome custom nodes for ComfyUI
ComfyUI-Gemini_Flash_2.0_Exp (⭐+172): A ComfyUI custom node that integrates Google's Gemini Flash 2.0 Experimental model, enabling multimodal analysis of text, images, video frames, and audio directly within ComfyUI workflows. ComfyUI-ACE_Plus (⭐+115): Custom nodes for various visual generation and editing tasks using ACE_Plus FFT Model. ComfyUI-Manager (⭐+113): ComfyUI-Manager itself is also a cu
How to build a plugin system in RustMay 29, 2024Software used by businesses often needs to be extensible. For Arroyo, a real-time SQL engine, that means supporting user-defined functions (UDFs). But how can we support dynamic, user-written code in a static language like Rust? This post dives deep into the technical details of building a dynamically-linked, FFI-based plugin system in Rust. Arroyo i
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
【2020年】CTF Web問題の攻撃手法まとめ - こんとろーるしーこんとろーるぶい
New WebKit Features in Safari 15.4
kyju.org - Piccolo - A Stackless Lua Interpreter
ESLint v9.0.0 released - ESLint - Pluggable JavaScript Linter
WebGPU — All of the cores, none of the canvas — surma.dev
News from WWDC25: WebKit in Safari 26 beta
Highlights from the Claude 4 system prompt
Hacker News folk wisdom on visual programming
prompts.chat - AI Prompts Community
I made JSON.parse() 2x faster
Laurence Tratt: Retrofitting JIT Compilers into C Interpreters
James Shore: Testing Without Mocks: A Pattern Language
How to build a plugin system in Rust