並び順

ブックマーク数

期間指定

  • から
  • まで

1 - 40 件 / 51件

新着順 人気順

javascript slice string methodの検索結果1 - 40 件 / 51件

  • MCPにおけるセキュリティ考慮事項と実装における観点(後編) - GMO Flatt Security Blog

    MCP logo ©︎ 2024–2025 Anthropic, PBC and contributors | MIT license はじめに こんにちは、GMO Flatt Security株式会社 セキュリティエンジニアのAzaraです。普段は、クラウドセキュリティや Web アプリケーションのセキュリティを専門領域にしています。 本稿は MCP のセキュリティを前後編で解説するものの後編です。前編では MCP のセキュリティを、利用者の視点から考察しました。 後編となる本稿では、攻撃者視点から脅威や攻撃手法を整理します。そのうえで、日々増えていく MCP Server の提供者が、これらの脅威やセキュリティ課題をどのように考慮し対策を講じるべきかを解説します。 また、GMO Flatt Securityは日本初のセキュリティ診断AIエージェント「Takumi」や、LLMを活用したア

      MCPにおけるセキュリティ考慮事項と実装における観点(後編) - GMO Flatt Security Blog
    • JavaScript: 所望のイベントリスナの発火を妨げているイベントリスナを特定する | Wantedly Engineer Blog

      Webアプリケーションでは、DOMの要素にイベントリスナ(イベントハンドラ)を取り付けることで、ユーザーによる様々な操作 (クリックなど) に応じて処理を行うことができます。 しかし、イベントリスナを登録しても、他のイベントリスナとの干渉によって意図した通りに発火しないことがあります。ここではその調査方法を紹介します。 前提知識: イベントバブリングイベントについては筆者の過去記事でも解説しましたが、あらためてここでも説明します。イベントバブリングを理解することが、イベントデバッグの近道だからです。 DOMにおいて、要素はネストすることによって木構造を形成します。ある要素(ターゲット要素)がクリックされるなどしてイベントが発生したとき、イベントはその要素自体だけではなく、その祖先要素にも送られます。これをイベントバブリングといいます。 イベントバブリングは2つの段階に分けられます。 Cap

        JavaScript: 所望のイベントリスナの発火を妨げているイベントリスナを特定する | Wantedly Engineer Blog
      • モダンフロントエンドはJSON APIが鬱陶しいので、無くしていきたい

        はじめに Kaigi on Rails 2025で発表し、何人かの人といろいろ話しているうちに、モダンフロントエンドが面倒臭いのはJSON APIのせいではないかと考えるようになりました。そしてJSON APIそのものが悪いというよりは、JSON APIを必要以上に使う原因となっているSPAが問題ではないかと思っています。まだ考えは固まっていないのですが、まずは部分的に紹介したいと思います。 モダンフロントエンドはJSON基礎工事が大変 SPAのReactフロントエンドを作る場合、Hotwireなら不要だった多大な工数が新しく発生します。 APIエンドポイントのルータおよびコントローラから、JSON APIシリアライザ、クライアントサイドのルータ、JSON APIをfetchしてフォーマット変換する作業、さらにAPIの契約を文書化したOpen APIを作成します。ここには記載していませんが

          モダンフロントエンドはJSON APIが鬱陶しいので、無くしていきたい
        • プロと読み解く Ruby 3.1 NEWS - クックパッド開発者ブログ

          技術部の笹田(ko1)と遠藤(mame)です。クックパッドで Ruby (MRI: Matz Ruby Implementation、いわゆる ruby コマンド) の開発をしています。お金をもらって Ruby を開発しているのでプロの Ruby コミッタです。 本日 12/25 に、ついに Ruby 3.1.0 がリリースされました(Ruby 3.1.0 リリース )。今年も Ruby 3.1 の NEWS.md ファイルの解説をします。NEWS ファイルとは何か、は以前の記事を見てください。 プロと読み解く Ruby 2.6 NEWS ファイル - クックパッド開発者ブログ プロと読み解くRuby 2.7 NEWS - クックパッド開発者ブログ プロと読み解くRuby 3.0 NEWS - クックパッド開発者ブログ 本記事は新機能を解説することもさることながら、変更が入った背景や苦労な

            プロと読み解く Ruby 3.1 NEWS - クックパッド開発者ブログ
          • プロと読み解く Ruby 3.2 NEWS - クックパッド開発者ブログ

            技術部の笹田(ko1)と遠藤(mame)です。クックパッドで Ruby (MRI: Matz Ruby Implementation、いわゆる ruby コマンド) の開発をしています。お金をもらって Ruby を開発しているのでプロの Ruby コミッタです。 昨日 12/25 に、恒例のクリスマスリリースとして、Ruby 3.2.0 がリリースされました(Ruby 3.2.0 リリース)。今年も Ruby 3.2 の NEWS.md ファイルの解説をします。NEWS ファイルとは何か、は以前の記事を見てください。 プロと読み解く Ruby 2.6 NEWS ファイル - クックパッド開発者ブログ プロと読み解くRuby 2.7 NEWS - クックパッド開発者ブログ プロと読み解くRuby 3.0 NEWS - クックパッド開発者ブログ プロと読み解く Ruby 3.1 NEWS -

              プロと読み解く Ruby 3.2 NEWS - クックパッド開発者ブログ
            • Inkbase: Programmable Ink

              With pen and paper, anyone can write a journal entry, draw a diagram, perform a calculation, or sketch a cartoon. Digital tablets like the iPad or reMarkable can adapt pen and paper into the world of digital media. In doing so, they trade away some of paper’s advantages like cheapness and tangibility. In exchange, we get new computational powers like nondestructive editing and ease of transmission

                Inkbase: Programmable Ink
              • Goodbye, Node.js Buffer

                The Buffer type has been the cornerstone for binary data handling in Node.js since the beginning. However, these days we have Uint8Array, which is a native JavaScript type and works cross-platform. While Buffer is an instance of Uint8Array, it introduces numerous methods that are not available in other JavaScript environments. Consequently, code leveraging Buffer-specific methods needs polyfilling

                • CVE-2024-4367 - Arbitrary JavaScript execution in PDF.js - Codean Labs

                  This post details CVE-2024-4367, a vulnerability in PDF.js found by Codean Labs. PDF.js is a JavaScript-based PDF viewer maintained by Mozilla. This bug allows an attacker to execute arbitrary JavaScript code as soon as a malicious PDF file is opened. This affects all Firefox users (<126) because PDF.js is used by Firefox to show PDF files, but also seriously impacts many web- and Electron-based a

                    CVE-2024-4367 - Arbitrary JavaScript execution in PDF.js - Codean Labs
                  • Welcome to Wildebeest: the Fediverse on Cloudflare

                    The Fediverse has been a hot topic of discussion lately, with thousands, if not millions, of new users creating accounts on platforms like Mastodon to either move entirely to "the other side" or experiment and learn about this new social network. Today we're introducing Wildebeest, an open-source, easy-to-deploy ActivityPub and Mastodon-compatible server built entirely on top of Cloudflare's Super

                      Welcome to Wildebeest: the Fediverse on Cloudflare
                    • JS Self-Profiling API In Practice

                      Nic Jansma (@nicj) is a software developer at Akamai building high-performance websites, apps and open-source tools. Table of Contents The JS Self-Profiling API What is Sampled Profiling? Downsides to Sampled Profiling API Document Policy API Shape Sample Interval Buffer Who to Profile When to Profile Specific Operations User Interactions Page Load Overhead Anatomy of a Profile Beaconing Size Comp

                        JS Self-Profiling API In Practice
                      • Hypershell: A Type-Level DSL for Shell-Scripting in Rust | Context-Generic Programming

                        Discuss on Reddit, Lobsters, and Hacker News. Summary I am thrilled to introduce Hypershell, a modular, type-level domain-specific language (DSL) for writing shell-script-like programs in Rust. Hypershell is powered by context-generic programming (CGP), which makes it possible for users to extend or modify both the language syntax and semantics. Table of Contents Estimated reading time: 1~2 hours

                          Hypershell: A Type-Level DSL for Shell-Scripting in Rust | Context-Generic Programming
                        • Ruby: frozen_string_literalの歴史と現状、未来を考察する(翻訳)|TechRacho by BPS株式会社

                          概要 元サイトの許諾を得て翻訳・公開いたします。 英語記事: Frozen String Literals: Past, Present, Future? | byroot’s blog 原文公開日: 2025/10/28 原著者: byroot -- Railsコアコミッター、Rubyコミッターです 日本語タイトルは内容に即したものにしました。 frozenは基本的に英ママとしました。 なお、Ruby 3.4以降ではRUBYOPT環境変数でRUBYOPT="--enable-frozen-string-literal"のように指定すれば、その環境で文字列リテラルをデフォルトでfrozenにできます。また、Ruby実行時に--disable-frozen-string-literalを指定すれば一時的にこの設定を解除できます。 Rubyistの皆さんなら、Rubyソースコードのほどんどのフ

                            Ruby: frozen_string_literalの歴史と現状、未来を考察する(翻訳)|TechRacho by BPS株式会社
                          • Announcing TypeScript 5.2 - TypeScript

                            Today we’re excited to announce the release of TypeScript 5.2! If you’re not familiar with TypeScript, it’s a language that builds on top of JavaScript by making it possible to declare and describe types. Writing types in our code allows us to explain intent and have other tools check our code to catch mistakes like typos, issues with null and undefined, and more. Types also power TypeScript’s edi

                              Announcing TypeScript 5.2 - TypeScript
                            • Text2Landscape: Visualize a Text in Multiple Spaces with R — Force-directed networks, Biofabric, Word Embeddings, Principal Component Analysis and Self-Organizing Maps

                              First Visualizations: Frequencies Let us first visualize word frequencies. We can get these frequencies with the quanteda package, which implies transforming the column of lemmas (text.lemmas$lemma) into a quanteda tokens object, then to a document-feature matrix. Doing so, we only retain significant parts of phrases (nous, proper nouns, verbs and adjectives). This only partially spares us the tas

                                Text2Landscape: Visualize a Text in Multiple Spaces with R — Force-directed networks, Biofabric, Word Embeddings, Principal Component Analysis and Self-Organizing Maps
                              • June 2022 (version 1.69)

                                Update 1.69.1: The update addresses these issues. Update 1.69.2: The update addresses these issues. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome to the June 2022 release of Visual Studio Code. There are many updates in this version that we hope you'll like, some of the key highlights include: 3-way merge editor - Resolve merge conflicts wit

                                  June 2022 (version 1.69)
                                • Golang Mini Reference 2022: A Quick Guide to the Modern Go Programming Language (REVIEW COPY)

                                  Golang Mini Reference 2022 A Quick Guide to the Modern Go Programming Language (REVIEW COPY) Harry Yoon Version 0.9.0, 2022-08-24 REVIEW COPY This is review copy, not to be shared or distributed to others. Please forward any feedback or comments to the author. • feedback@codingbookspress.com The book is tentatively scheduled to be published on September 14th, 2022. We hope that when the release da

                                  • Vjeux » Birth of Prettier

                                    React Conf is around the corner and it's been almost 10 years since Prettier was released. I figured it would be a good time to recount the journey from its early days to now. This is the story of how the "Space vs Tabs Holy War" ended, not through one side winning over the other but instead a technological invention making it the underlying source of tensions no longer being a thing. Back Story S

                                    • Go 1.21 Release Notes - The Go Programming Language

                                      Introduction to Go 1.21 The latest Go release, version 1.21, arrives six months after Go 1.20. Most of its changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility; in fact, Go 1.21 improves upon that promise. We expect almost all Go programs to continue to compile and run as before. Go 1.21 introduces a small ch

                                        Go 1.21 Release Notes - The Go Programming Language
                                      • Speeding up the JavaScript ecosystem - one library at a time

                                        Whilst the trend is seemingly to rewrite every JavaScript build tool in other languages such as Rust or Go, the current JavaScript-based tools could be a lot faster. The build pipeline in a typical frontend project is usually composed of many different tools working together. But the diversification of tools makes it a little harder to spot performance problems for tooling maintainers as they need

                                          Speeding up the JavaScript ecosystem - one library at a time
                                        • Custom Prisma Client for RLS - Beatrust techBlog

                                          Author: Neo Chiu Background We use Prisma + Postgres from prototype and start to migrate all data with RLS ( Row Level Security ) last year. We are managing multi-tenants data in one database, and we don't want data be accessed cross tenants. RLS restricts data with security policies at database engine level to prevent any unexpected access from client side. You can find more details in Japanese a

                                            Custom Prisma Client for RLS - Beatrust techBlog
                                          • State of Node.js Performance 2023

                                            The year is 2023 and we’ve released Node.js v20. It’s a significant accomplishment, and this article aims to use scientific numbers to assess the state of Node.js’ performance. All the benchmark results contain a reproducible example and hardware details. To reduce the noise for regular readers, the reproducible steps will be collapsed at the beginning of all sections. This article aims to provide

                                            • Why People are Angry over Go 1.23 Iterators - gingerBill

                                              NOTE: This is based on, but completely rewritten, from a Twitter post: https://x.com/TheGingerBill/status/1802645945642799423 TL;DR It makes Go feel too “functional” rather than being an unabashed imperative language. I recently saw a post on Twitter showing the upcoming Go iterator design for Go 1.23 (August 2024). From what I can gather, many people seem to dislike the design. I wanted to give m

                                              • WebKit Features in Safari 17.2

                                                ContentsHTMLCSSImages and videoJavaScriptWeb APIWeb AppsWebGLPrivacyWeb InspectorFixes for Interop 2023 and moreUpdating to Safari 17.2Feedback Web technology is constantly moving forward, with both big new features and small subtle adjustments. Nowadays, web developers expect web browsers to update multiple times a year, instead of the once or twice a year typical of the late 2000s — or the once

                                                  WebKit Features in Safari 17.2
                                                • Using Ultra, the new React web framework - LogRocket Blog

                                                  Table of Contents What is Ultra? Features of Ultra Ultra vs Aleph.js The drawbacks to using Ultra Getting started with Ultra Building components in Ultra Deploying an Ultra app In the world of frontend development, React is one of the most popular libraries for developing components for web applications. React v18 includes new features, such as concurrent rendering, and it supports SSR with React

                                                    Using Ultra, the new React web framework - LogRocket Blog
                                                  • Gwtar: a static efficient single-file HTML format · Gwern.net

                                                    Gwtar is a new polyglot HTML archival format which provides a single, self-contained, HTML file which still can be efficiently lazy-loaded by a web browser. This is done by a header’s JavaScript making HTTP range requests. It is used on Gwern.net to serve large HTML archives. Archiving HTML files faces a trilemma: it is easy to create an archival format which is any two of “static” (self-contained

                                                      Gwtar: a static efficient single-file HTML format · Gwern.net
                                                    • MAI-Thinking-1: Building a Hill-Climbing Machine

                                                      MAI-Thinking-1: Building a Hill-Climbing Machine The Microsoft AI Team 1 Abstract Progress in AI is driven not by a single model, but by the ability to continually improve upon the current state of models. Achieving this requires treating model development as a system-level optimization problem, for which the solution is building a hill-climbing machine for rapid improvement. Our process includes

                                                      • 進化が止まらない!Next.js13の基本機能をしっかり理解しよう | アールエフェクト

                                                        Next.jsは現在最も人気のあるReactベースのフルスタックのJavaScriptフレームワークです。バージョンがアップする毎に新しい機能が次々に追加されNext.js13からServer ComponentsなどReactの最新機能を利用したApp Routerが登場しました。App Routerはファイル名でルーティングを設定していた既存のPage Routerとは全く異なる機能で設定方法も一から学び直す必要があります。新たにプロジェクトを作成するのであればApp Routerを利用することが推奨されていますが同時に両方の機能を利用することも可能です。 次々に新しい機能が追加される反面、ネット上に公開されている記事もすぐにOutDatedなものになっています。この文書もすぐにOutdatedなものになってしまうと思いますが現在(2023年5月)の最新バージョン13.4のドキュメント

                                                          進化が止まらない!Next.js13の基本機能をしっかり理解しよう | アールエフェクト
                                                        • Speeding up the JavaScript ecosystem - Polyfills gone rogue

                                                          In the previous posts we looked at runtime performance and I thought it would be fun to look at node modules install time instead. A lot has been already written about various algorithmic optimizations or using more performant syscalls, but why do we even have this problem in the first place? Why is every node_modules folders so big? Where are all these dependencies coming from? It all started whe

                                                            Speeding up the JavaScript ecosystem - Polyfills gone rogue
                                                          • The world after IE left

                                                            The world after IE left.This page is based on data from mdn/compat-data.Chrome ≧Safari ≧Firefox ≧Edge ≧🔁 ReloadJavaScriptCSSHTMLAPIHTTPSVGWebExtensionsJavaScriptbuiltinsArray[mdn][spec]@@iterator[mdn][spec]@@species[mdn][spec]@@unscopables[mdn][spec]copyWithin[mdn][spec]entries[mdn][spec]fill[mdn][spec]find[mdn][spec]findIndex[mdn][spec]flat[mdn][spec]flatMap[mdn][spec]from[mdn][spec]includes[mdn

                                                              The world after IE left
                                                            • Go 1.19 Release Notes - The Go Programming Language

                                                              Introduction to Go 1.19 The latest Go release, version 1.19, arrives five months after Go 1.18. Most of its changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before. Changes to the language There is only one small change to the language, a

                                                                Go 1.19 Release Notes - The Go Programming Language
                                                              • October 2024 (version 1.95)

                                                                GitHub Pull Requests Version 0.100.0 of the GitHub Pull Requests extension adds Copilot integration: Use the @githubpr chat participant in the Chat view to search for issues, summarize issues/prs, and suggest fixes for issues. @githubpr uses a number of Language Model tools to accomplish this. There's also a new Notifications view that shows GitHub notifications, with an action to prioritize them

                                                                  October 2024 (version 1.95)
                                                                • Frozen String Literals: Past, Present, Future?

                                                                  If you are a Rubyist, you’ve likely been writing # frozen_string_literal: true at the top of most of your Ruby source code files, or at the very least, that you’ve seen it in some other projects. Based on informal discussions at conferences and online, it seems that what this magic comment really is about is not always well understood, so I figured it would be worth talking about why it’s there, w

                                                                  • Speeding up the JavaScript ecosystem - eslint

                                                                    We've talked quite a bit about linting in the past two posts of this series, so I thought it's time to give eslint the proper limelight it deserves. Overall eslint is so flexible, that you can even swap out the parser for a completely different one. That's not a rare scenario either as with the rise of JSX and TypeScript that is frequently done. Enriched by a healthy ecosystem of plugins and prese

                                                                      Speeding up the JavaScript ecosystem - eslint
                                                                    • prompts.chat - AI Prompts Community

                                                                      --- name: skill-creator description: Guide for creating effective skills. This skill should be used when users want to create a new skill (or update an existing skill) that extends Claude's capabilities with specialized knowledge, workflows, or tool integrations. license: Complete terms in LICENSE.txt --- # Skill Creator This skill provides guidance for creating effective skills. ## About Skills S

                                                                        prompts.chat - AI Prompts Community
                                                                      • ROFL with a LOL: rewriting an NGINX module in Rust

                                                                        ROFL with a LOL: rewriting an NGINX module in Rust2023-02-24 At Cloudflare, engineers spend a great deal of time refactoring or rewriting existing functionality. When your company doubles the amount of traffic it handles every year, what was once an elegant solution to a problem can quickly become outdated as the engineering constraints change. Not only that, but when you're averaging 40 million r

                                                                          ROFL with a LOL: rewriting an NGINX module in Rust
                                                                        • V8 Torque user manual · V8

                                                                          V8 Torque is a language that allows developers contributing to the V8 project to express changes in the VM by focusing on the intent of their changes to the VM, rather than preoccupying themselves with unrelated implementation details. The language was designed to be simple enough to make it easy to directly translate the ECMAScript specification into an implementation in V8, but powerful enough t

                                                                          • Unicode is harder than you think · mcilloni's blog

                                                                            Reading the excellent article by JeanHeyd Meneide on how broken string encoding in C/C++ is made me realise that Unicode is a topic that is often overlooked by a large number of developers. In my experience, there’s a lot of confusion and wrong expectations on what Unicode is, and what best practices to follow when dealing with strings that may contain characters outside of the ASCII range. This a

                                                                            • Announcing typescript-eslint v6 | typescript-eslint

                                                                              typescript-eslint is the tooling that enables standard JavaScript tools such as ESLint and Prettier to support TypeScript code. We've been working on a set of breaking changes and general features that we're excited to get released! 🎉 We'd previously blogged about v6 in Announcing typescript-eslint v6 Beta. This blog post contains much of the same information as that one, but updated for changes

                                                                                Announcing typescript-eslint v6 | typescript-eslint
                                                                              • Yes, I can connect to a DB in CSS

                                                                                As they’re wont to do, a certain tweet was floating around the interwebs for a while the other week. Recruiters be like: We’re looking for someone who can connect to the database using CSS. It’s been a hell of a long time since I last embarked on a quality shitpost project1, in fact it’s been so long that back then I probably didn’t even have the word shitpost in my vocabulary. To that end, I was

                                                                                • Go 1.19 Release Notes - The Go Programming Language

                                                                                  Introduction to Go 1.19 The latest Go release, version 1.19, arrives five months after Go 1.18. Most of its changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before. Changes to the language There is only one small change to the language, a

                                                                                    Go 1.19 Release Notes - The Go Programming Language