はじめに 対象イベント 読み方、使い方 Remote Code Execution(RCE) 親ディレクトリ指定によるopen_basedirのバイパス PHP-FPMのTCPソケット接続によるopen_basedirとdisable_functionsのバイパス JavaのRuntime.execでシェルを実行 Cross-Site Scripting(XSS) nginx環境でHTTPステータスコードが操作できる場合にCSPヘッダーを無効化 GoogleのClosureLibraryサニタイザーのXSS脆弱性 WebのProxy機能を介したService Workerの登録 括弧を使わないXSS /記号を使用せずに遷移先URLを指定 SOME(Same Origin Method Execution)を利用してdocument.writeを順次実行 SQL Injection MySQ
技術部の笹田(ko1)と遠藤(mame)です。クックパッドで Ruby (MRI: Matz Ruby Implementation、いわゆる ruby コマンド) の開発をしています。お金をもらって Ruby を開発しているのでプロの Ruby コミッタです。 本日 12/25 に、ついに Ruby 3.1.0 がリリースされました(Ruby 3.1.0 リリース )。今年も Ruby 3.1 の NEWS.md ファイルの解説をします。NEWS ファイルとは何か、は以前の記事を見てください。 プロと読み解く Ruby 2.6 NEWS ファイル - クックパッド開発者ブログ プロと読み解くRuby 2.7 NEWS - クックパッド開発者ブログ プロと読み解くRuby 3.0 NEWS - クックパッド開発者ブログ 本記事は新機能を解説することもさることながら、変更が入った背景や苦労な
ゼロアロケーションLINQライブラリ「ZLinq」のリリースとアーキテクチャ解説 2025-05-05 ZLinq v1を先月リリースしました!structとgenericsベースで構築することによりゼロアロケーションを達成しています。またLINQ to Span, LINQ to SIMD, LINQ to Tree(FileSystem, JSON, GameObject, etc.)といった拡張要素と、任意の型のDrop-in replacement Source Generator。そして.NET Standard 2.0, Unity, Godotなどの多くのプラットフォームサポートまで含めた大型のライブラリとなっています!現在GitHub Starsも2000を超えました。 https://github.com/Cysharp/ZLinq structベースのLINQそのものは
REST API Design Best Practices Handbook – How to Build a REST API with JavaScript, Node.js, and Express.js
By Jean-Marc Möckel I've created and consumed many API's over the past few years. During that time, I've come across good and bad practices and have experienced nasty situations when consuming and building API's. But there also have been great moments. There are helpful articles online which present many best practices, but many of them lack some practicality in my opinion. Knowing the theory with
tl;drJSON Schema で指定したフォーマットで出力を制御可能になったよ cURL / Python / JavaScript のそれぞれで試してみたよ 具体的な実用例があったのでそれも動かしてみたよ 使う上での tips や今後どんな機能が追加されるかまとめたよ 公開されたブログの流れに準拠しつつ、意図がズレない範囲で翻訳、解説、コードの実行をしていきます。チュートリアルになっているので、よかったら手を動かして試してみてください。 Ollama が structured outputs をサポート。JSON Schema で定義したフォーマットに LLM の出力を制御するすることが可能になりました。Ollama の Python と JavaScript のそれぞれのライブラリにおいてもサポートするよう更新。 ブログでは structured outputs のユースケースとし
Developers are increasingly relying on AI coding assistants to accelerate our daily workflows. These tools can autocomplete functions, suggest bug fixes, and even generate entire modules or MVPs. Yet, as many of us have learned, the quality of the AI’s output depends largely on the quality of the prompt you provide. In other words, prompt engineering has become an essential skill. A poorly phrased
Today we are excited to announce the availability of TypeScript 6.0! If you are not familiar with TypeScript, it’s a language that builds on JavaScript by adding syntax for types, which enables type-checking to catch errors, and provide rich editor tooling. You can learn more about TypeScript and how to get started on the TypeScript website. But if you’re already familiar with the language, you ca
Couple of weeks ago when I was publishing The Hidden Cost of URL Design I needed to add SQL syntax highlighting. I headed to PrismJS website trying to remember if it should be added as a plugin or what. I was overwhelmed with the amount of options in the download page so I headed back to my code. I checked the file for PrismJS and at the top of the file, I found a comment containing a URL: /* http
How modern browsers work
Note: For those eager to dive deep into how browsers work, an excellent resource is Browser Engineering by Pavel Panchekha and Chris Harrelson (available at browser.engineering). Please do check it out. This article is an overview of how browsers work. Web developers often treat the browser as a black box that magically transforms HTML, CSS, and JavaScript into interactive web applications. In tru
Modern Emacs Typescript Web (React) Config with lsp-mode, treesitter, tailwind, TSX & more - Ovi Stoica
Table of Contents Introduction Part 1: Treesitter for Typescript & TSX LSP Support Completion setup Linter setup LSP Setup Eslint (Optional) Tailwind LSP Server LSP Performance Emacs LSP Booster Structural editing Formatting buffers with Prettier Other resources Conclusion Introduction I've worked within the JS ecosystem for the past 8 years using editors like Webstorm and VSCode, I started using
The Fediverse has been a hot topic of discussion lately, with thousands, if not millions, of new users creating accounts on platforms like Mastodon to either move entirely to "the other side" or experiment and learn about this new social network. Today we're introducing Wildebeest, an open-source, easy-to-deploy ActivityPub and Mastodon-compatible server built entirely on top of Cloudflare's Super
Today we’re excited to announce the release of TypeScript 4.8! If you’re not yet familiar with TypeScript, it’s a language that builds on JavaScript and adds syntax for types. These types let you put your expectations and assumptions into your code, and those assumptions can then be checked by the TypeScript type-checker. This checking can help avoid typos, calling uninitialized values, mixing up
Today we are announcing the beta release of TypeScript 6.0! To get started using the beta, you can get it through npm with the following command: npm install -D typescript@beta TypeScript 6.0 is a unique release in that we intend for it to be the last release based on the current JavaScript codebase. As announced last year (with recent updates here), we are working on a new codebase for the TypeSc
All JavaScript and TypeScript Features of the last 3 years
TypeScript as envisioned by Stable DiffusionThis article goes through almost all of the changes of the last 3 years (and some from earlier) in JavaScript / ECMAScript and TypeScript . Not all of the following features will be relevant to you or even practical, but they should instead serve to show what’s possible and to deepen your understanding of these languages. There are a lot of TypeScript fe
はじめに こんにちは、morioka12 です。 本記事は、バグハンターの視点でソフトウェアサプライチェーン (Software Supply Chain)について解説する入門ブログです。 なお、本記事は昨年の LT 発表「バグハンター視点によるサプライチェーンの脆弱性」(「あなたの知らない ”サプライチェーン攻撃”を語る セキュリティ Night」, 2025年12月)をもとに、補足等を加えて再構成した入門内容になります。 speakerdeck.com https://speakerdeck.com/scgajge12/baguhantashi-dian-niyorusapuraitiennocui-ruo-xing https://x.com/scgajge12/status/1996546273403600953?s=20 注意事項 本記事で紹介する手法や事例はすべて、正規のバグバ
The product https://joinmastodon.org Mastodon is a free, open-source social network server based on ActivityPub where users can follow friends and discover new ones. On Mastodon, users can publish anything they want: links, pictures, text, and video. All Mastodon servers are interoperable as a federated network. Open source The project is open source at https://github.com/mastodon/mastodon License
Parsing SQL - Strumenta
The code for this tutorial is on GitHub: parsing-sql SQL is a language to handle data in a relational database. If you worked with data you have probably worked with SQL. In this article we will talk about parsing SQL. It is in the same league of HTML: maybe you never learned it formally but you kind of know how to use it. That is great because if you know SQL, you know how to handle data. However
Speeding up the JavaScript ecosystem - Rust and JavaScript Plugins
Over the past year (2024) there has been a strong movement to rewrite JavaScript tools in Rust to make them faster. Rust is well suited for this as it runs much closer to hardware and doesn't rely on garbage collection. This makes it an ideal candidate for computationally intensive tasks. Linting in its basic form is such a task, as it involves parsing and traversing lots of source code. But there
Today we’re excited to announce the release of TypeScript 5.5! If you’re not familiar with TypeScript, it’s a language that builds on top of JavaScript by making it possible to declare and describe types. Writing types in our code allows us to explain intent and have other tools check our code to catch mistakes like typos, issues with null and undefined, and more. Types also power TypeScript’s edi
2025-05-06, Version 24.0.0 (Current), @RafaelGSS and @juanarbol We’re excited to announce the release of Node.js 24! This release brings several significant updates, including the upgrade of the V8 JavaScript engine to version 13.6 and npm to version 11. Starting with Node.js 24, support for MSVC has been removed, and ClangCL is now required to compile Node.js on Windows. The AsyncLocalStorage API
Today we are excited to announce the Release Candidate (RC) of TypeScript 6.0! To get started using the RC, you can get it through npm with the following command: npm install -D typescript@rc TypeScript 6.0 is a unique release in that we intend for it to be the last release based on the current JavaScript codebase. As announced last year (with recent updates here), we are working on a new codebase
Xᴇɴᴏɴ
Xenon is the best way to represent information: Native support for arrays. Native support for a graph structure, elements may have multiple parents. Native support for types used in serializing program data. Unambiguous choice of data structure. Readable multiple line indented text. Terse, efficient to write by hand. Can be implemented to be blazingly fast or using a mode-less tokenizer. The xenon
Designing a Dataflow Editor With TypeScript and React | Protocol Labs Research
This is a design report – a story about the tradeoffs and challenges that we encountered while building a medium-complexity React component in TypeScript. These include state modeling (“making illegal states unrepresentable”) basic type-level programming in TypeScript DX patterns for generically typed React components DX patterns for reusable controlled components using a Redux-like action/dispatc
JSON.stringify is a core JavaScript function for serializing data. Its performance directly affects common operations across the web, from serializing data for a network request to saving data to localStorage. A faster JSON.stringify translates to quicker page interactions and more responsive applications. That’s why we’re excited to share that a recent engineering effort has made JSON.stringify i
WebKit Features in Safari 17.2
ContentsHTMLCSSImages and videoJavaScriptWeb APIWeb AppsWebGLPrivacyWeb InspectorFixes for Interop 2023 and moreUpdating to Safari 17.2Feedback Web technology is constantly moving forward, with both big new features and small subtle adjustments. Nowadays, web developers expect web browsers to update multiple times a year, instead of the once or twice a year typical of the late 2000s — or the once
The Grug Brained Developer
The Grug Brained Developer A layman's guide to thinking like the self-aware smol brained Introduction this collection of thoughts on software development gathered by grug brain developer grug brain developer not so smart, but grug brain developer program many long year and learn some things although mostly still confused grug brain developer try collect learns into small, easily digestible and fun
Today we are excited to announce the availability of TypeScript 5.5 Beta. To get started using the beta, you can get it through NuGet, or through npm with the following command: npm install -D typescript@beta Here’s a quick list of what’s new in TypeScript 5.5! Inferred Type Predicates Control Flow Narrowing for Constant Indexed Accesses Type Imports in JSDoc Regular Expression Syntax Checking Iso
Temporal: getting started with JavaScript’s new date time API Updates: 2022-01-10: Temporal.now was renamed to Temporal.Now. 2021-06-30: Rearranged the content and created a section on the concepts and patterns used by the Temporal API. 2021-06-29: Clarified how Instant uses the ISO-8601 calendar. Listed the properties of some classes. Date, JavaScript’s current date time API is infamously difficu
rollup.js と TypeScript を使って npm 公開用のライブラリを作ろうとしたら、 Rollup の公式プラグインがRollup Pluginsに移動していて、 ビルド環境構築に苦労したので、雑にメモを残しておきます。 作るもの ✍ npm で公開するためのライブラリを作成する環境 モジュールバンドラに rollup.js を利用する TypeScript を使って開発する 他の npm のモジュール(CommonJS も含む)も利用できる 作成したライブラリは、汎用的に使えるようにする CommonJS、ESModule で利用できる CDN 経由でブラウザで利用できる (buble でトランスパイルし、IE でも動くように 😇) babel を利用して ES2015 まで構文変換は行うが、pollifill は利用者側に委ねる ライブラリが個々に pollifill
Today we are excited to announce the availability of the release candidate of TypeScript 5.5. To get started using the RC, you can get it through NuGet, or through npm with the following command: npm install -D typescript@rc Here’s a quick list of what’s new in TypeScript 5.5! Inferred Type Predicates Control Flow Narrowing for Constant Indexed Accesses Type Imports in JSDoc Regular Expression Syn
2023-10-17, Version 21.0.0 (Current), @RafaelGSS and @targos We're excited to announce the release of Node.js 21! Highlights include updates of the V8 JavaScript engine to 11.8, stable fetch and WebStreams, a new experimental flag to change the interpretation of ambiguous code from CommonJS to ES modules (--experimental-default-type), many updates to our test runner, and more! Node.js 21 will repl
Today we’re excited to announce our Release Candidate (RC) of TypeScript 4.8. Between now and the stable release of TypeScript 4.8, we expect no further changes apart from critical bug fixes. To get started using the RC, you can get it through NuGet, or use npm with the following command: npm install -D typescript@rc You can also get editor support by Downloading for Visual Studio 2022/2019 Follow
Biome v2.4—Embedded Snippets, HTML Accessibility, and Better Framework Support
Biome v2.4 is the first minor release of the year! After more than ten patches from v2.3, today we bring to you a new version that contains many new features! Once you have upgraded to Biome v2.4.0, migrate your Biome configuration to the new version by running the migrate command: biome migrate --write Highlights Among all the features shipped in this release, here are the ones we think you’re go
This article was discussed on Hacker News. This is a continuation of my last post on how to write a tree-sitter grammar in an afternoon. Building on the grammar we wrote, now we’re going to write a linter for Imp, and it’s even easier! The final result clocks in less than 60 SLOC and can be found here. Recall that tree-sitter is an incremental parser generator. That is, you give it a description o
WebKit Features in Safari 18.4
Mar 31, 2025 by Jen Simmons, Saron Yitbarek, Jon Davis, Razvan Caliman, Karl Dubost, Brady Eidson, Elika Etemad, Youenn Fablet, Matthew Finkel, Simon Fraser, Timothy Hatcher, David Johnson, Anne van Kesteren, Daniel Liu, Keith Miller, Rupin Mittal, Tim Nguyen, Pascoe, Abrar Rahman Protyasha, Richard Robinson, Lily Spiniolas, Brandon Stewart, John Wilander and Luming Yin ContentsDeclarative Web Pus
Against SQL
TLDR The relational model is great: A shared universal data model allows cooperation between programs written in many different languages, running on different machines and with different lifespans. Normalization allows updating data without worrying about forgetting to update derived data. Physical data independence allows changing data-structures and query plans without having to change all of y
CloudFront Hosting Toolkitを使って静的Webサイト環境を作ってみた | DevelopersIO
手間をかけずにCloudFrontを使った静的Webサイトを作りたい こんにちは、のんピ(@non____97)です。 皆さんは手間をかけずにCloudFrontを使った静的Webサイトを作りたいなと思ったことはありますか? 私はあります。 過去にAWS CDKを使ってこの思いを実現したことがありますが、一からAWS CDKを作り込むのはなかなか大変でした。 そんな苦労はCloudFront Hosting Toolkitを使用すると少し解消されるかもしれません。 CloudFront Hosting ToolkitはCLIまたはAWS CDKでフロントエンドのホスティングとCI/CDパイプラインを用意するツールです。 今だとAmplifyを使えば良いのではないか? という声も聞こえてきますが、細かいカスタマイズを行いたい場合にCloudFront周りを直接操作したい場合があります。そうい
--- name: skill-creator description: Guide for creating effective skills. This skill should be used when users want to create a new skill (or update an existing skill) that extends Claude's capabilities with specialized knowledge, workflows, or tool integrations. license: Complete terms in LICENSE.txt --- # Skill Creator This skill provides guidance for creating effective skills. ## About Skills S
Building docfind: Fast Client-Side Search with Rust and WebAssembly
Version 1.108 is now available! Read about the new features and fixes from December. January 15, 2026 by João Moreno If you've visited the VS Code website recently, you might have noticed something new: a fast, responsive search experience that feels almost instant. Behind that experience is docfind, a search engine we built that runs entirely in your browser using WebAssembly. In this post, I wan
8.x バリデーション Laravel
イントロダクションIntroduction Laravelは、アプリケーションの受信データをバリデーションするために複数の異なるアプローチを提供します。すべての受信HTTPリクエストで使用可能なvalidateメソッドを使用するのがもっとも一般的です。しかし、バリデーションに対する他のアプローチについても説明します。Laravel provides several different approaches to validate your application's incoming data. It is most common to use the validate method available on all incoming HTTP requests. However, we will discuss other approaches to validation as well
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
【2020年】CTF Web問題の攻撃手法まとめ - こんとろーるしーこんとろーるぶい
プロと読み解く Ruby 3.1 NEWS - クックパッド開発者ブログ
neue cc - ゼロアロケーションLINQライブラリ「ZLinq」のリリースとアーキテクチャ解説
Ollama で structured outputs (構造化出力)を試す|ぬこぬこ
The Prompt Engineering Playbook for Programmers
Announcing TypeScript 6.0 - TypeScript
Your URL Is Your State
Welcome to Wildebeest: the Fediverse on Cloudflare
Announcing TypeScript 4.8 - TypeScript
Announcing TypeScript 6.0 Beta - TypeScript
バグハンター視点によるソフトウェアサプライチェーン入門 - blog of morioka12
Mastodon: Ruby on Rails Open Source Web App
Announcing TypeScript 5.5 - TypeScript
Node.js — Node.js 24.0.0 (Current)
Announcing TypeScript 6.0 RC - TypeScript
How we made JSON.stringify more than twice as fast · V8
Announcing TypeScript 5.5 Beta - TypeScript
Temporal: getting started with JavaScript’s new date time API
rollup.js × TypeScriptのライブラリをnpm公開する環境の構築(2020年12月版)
Announcing TypeScript 5.5 RC - TypeScript
Node.js — Node.js 21.0.0 (Current)
Announcing TypeScript 4.8 RC - TypeScript
How to write a linter using tree-sitter in an hour
prompts.chat - AI Prompts Community