// Good: choose between two options as appropriate (see below). import * as ng from '@angular/core'; import {Foo} from './foo'; // Only when needed: default imports. import Button from 'Button'; // Sometimes needed to import libraries for their side effects: import 'jasmine'; import '@polymer/paper-button'; Import paths TypeScript code must use paths to import other TypeScript code. Paths may be r
はじめに 対象イベント 読み方、使い方 Remote Code Execution(RCE) 親ディレクトリ指定によるopen_basedirのバイパス PHP-FPMのTCPソケット接続によるopen_basedirとdisable_functionsのバイパス JavaのRuntime.execでシェルを実行 Cross-Site Scripting(XSS) nginx環境でHTTPステータスコードが操作できる場合にCSPヘッダーを無効化 GoogleのClosureLibraryサニタイザーのXSS脆弱性 WebのProxy機能を介したService Workerの登録 括弧を使わないXSS /記号を使用せずに遷移先URLを指定 SOME(Same Origin Method Execution)を利用してdocument.writeを順次実行 SQL Injection MySQ
How I built a modern website in 2021September 29th, 2021 — 34 min read For over half of 2021, I worked on a complete rewrite of kentcdodds.com. You're reading this on the rewrite of this site! Are you using dark mode or light mode? Have you signed in and selected your team yet? Have you tried to call into the Call Kent Podcast? This blog post isn't about these and other features of the new site, b
REST API Design Best Practices Handbook – How to Build a REST API with JavaScript, Node.js, and Express.js
By Jean-Marc Möckel I've created and consumed many API's over the past few years. During that time, I've come across good and bad practices and have experienced nasty situations when consuming and building API's. But there also have been great moments. There are helpful articles online which present many best practices, but many of them lack some practicality in my opinion. Knowing the theory with
Developers are increasingly relying on AI coding assistants to accelerate our daily workflows. These tools can autocomplete functions, suggest bug fixes, and even generate entire modules or MVPs. Yet, as many of us have learned, the quality of the AI’s output depends largely on the quality of the prompt you provide. In other words, prompt engineering has become an essential skill. A poorly phrased
GitHub - modelcontextprotocol/servers: Model Context Protocol Servers
Official integrations are maintained by companies building production ready MCP servers for their platforms. 21st.dev Magic - Create crafted UI components inspired by the best 21st.dev design engineers. ActionKit by Paragon - Connect to 130+ SaaS integrations (e.g. Slack, Salesforce, Gmail) with Paragon’s ActionKit API. Adfin - The only platform you need to get paid - all payments in one place, in
What's New In DevTools (Chrome 94) | Blog | Chrome for Developers
Use DevTools in your preferred language Chrome DevTools now supports more than 80 languages, allowing you to work in your preferred language! Open Settings, then select your preferred language under the Preferences > Language dropdown and reload DevTools. Preferences" width="800" height="494"> Chromium issue: 1163928 New Nest Hub devices in the Device list You can now simulate the dimensions of Ne
Preliminaries What Is xargs? It's an adapter between text streams and argv arrays, two essential concepts in shell. You pass it flags that specify how to split stdin. Then it generates arguments and invokes processes. Example: $ echo 'alice bob' | xargs -n 1 -- echo hi hi alice hi bob What's happening here? xargs splits the input stream on whitespace, producing 2 arguments, alice and bob. We passe
With pen and paper, anyone can write a journal entry, draw a diagram, perform a calculation, or sketch a cartoon. Digital tablets like the iPad or reMarkable can adapt pen and paper into the world of digital media. In doing so, they trade away some of paper’s advantages like cheapness and tangibility. In exchange, we get new computational powers like nondestructive editing and ease of transmission
LogLog Games
The article is also available in Chinese. Disclaimer: This post is a very long collection of thoughts and problems I've had over the years, and also addresses some of the arguments I've been repeatedly told. This post expresses my opinion the has been formed over using Rust for gamedev for many thousands of hours over many years, and multiple finished games. This isn't meant to brag or indicate su
Sublime Text 4
The first stable release of Sublime Text 4 has finally arrived! We've worked hard on providing improvements without losing focus on what makes Sublime Text great. There are some new major features that we hope will significantly improve your workflow and a countless number of minor improvements across the board. A huge thanks goes out to all the beta testers on discord and all the contributors to
Advancing Excel as a programming language with Andy Gordon and Simon Peyton Jones - Microsoft Research
Episode 120 | May 5, 2021 Today, people around the globe—from teachers to small-business owners to finance executives—use Microsoft Excel to make sense of the information that occupies their respective worlds, and whether they realize it or not, in doing so, they’re taking on the role of programmer. In this episode, Senior Principal Research Manager Andy Gordon, who leads the Calc Intelligence tea
Nic Jansma (@nicj) is a software developer at Akamai building high-performance websites, apps and open-source tools. Table of Contents The JS Self-Profiling API What is Sampled Profiling? Downsides to Sampled Profiling API Document Policy API Shape Sample Interval Buffer Who to Profile When to Profile Specific Operations User Interactions Page Load Overhead Anatomy of a Profile Beaconing Size Comp
At Stripe, our product docs are designed to feel like an application rather than a traditional user manual. For example, we incorporate a user's own API test key into code samples, making it possible to copy and paste code that seamlessly works with the user's own account. We have client-side interactivity, like checklists and collapsible sections. We tailor the content to the individual user, con
WebKit Features in Safari 17.4
ContentsArchitectural improvementsWeb AppsForm elementsCSSWeb APIJavaScriptMediaSVGWebGLWeb AssemblyWeb InspectorChanges to SafariSafari ExtensionsWeb AuthenticationBug Fixes and moreUpdating to Safari 17.4Feedback Just like Safari 15.4 and Safari 16.4, this March’s release of Safari 17.4 is a significant one for web developers. We’re proud to announce another 46 features and 146 bug fixes. You ca
Toggle dark mode What follows is a brain dump of everything I know about compiling Rust to WebAssembly. Enjoy. Some time ago, I wrote a blog post on how to compile C to WebAssembly without Emscripten, i.e. without the default tool that makes that process easy. In Rust, the tool that makes WebAssembly easy is called wasm-bindgen, and we are going to ditch it! At the same time, Rust is a bit differe
Why Rust strings seem hard April 13, 2021 Lately I've been seeing lots of anecdotes from people trying to get into Rust who get really hung up on strings (&str, String, and their relationship). Beyond Rust's usual challenges around ownership, there can be an added layer of frustration because strings are so easy in the great majority of languages. You just add them together, split them, whatever!
WebKit Features in Safari 18.0
ContentsNew in Safari 18Web apps for MacCSSSpatial WebHTMLJavaScriptWeb APICanvasManaged Media SourceWebRTCHTTPSWebGLWeb InspectorPasskeysSafari ExtensionsApple PayDeprecationsBug Fixes and moreUpdating to Safari 18.0Feedback Safari 18.0 is here. Along with iOS 18, iPadOS 18, macOS Sequoia and visionOS 2, today is the day another 53 web platform features, as well as 25 deprecations and 209 resolve
Highlights This is a summary of the significant changes, both breaking and non-breaking, you need to know about when upgrading from ESLint v8.x to ESLint v9.0.0. Installing Because this is a major release, you may not automatically be upgraded by npm. To ensure you are using this version, run: npm i eslint@9.0.0 --save-dev Copy code to clipboard Migration Guide As there are a lot of changes, we’ve
The Ultimate Interactive JQ Guide Learn how to search, query, and modify JSON data with 25 interactive jq examples and explanations Cover Photo by Pixabay Has this ever happened to you? You’ve just received a massive JSON file that looks like it was designed to confuse you. Or maybe you entered a command, and you got so much JSON that it looks incomprehensible. Important: Level up your jq skills w
Join a VS Code Dev Days event near you to learn about AI-assisted development in VS Code. Update 1.54.1: The update addresses an issue with an extension dependency. Update 1.54.2: The update addresses these issues. Update 1.54.3: The update addresses this issue. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome to the February 2021 release of Vi
python_modules.pdf
Python3 OpenCV / Pillow / pygame / Eel / PyDub / NumPy / matplotlib / SciPy / SymPy / gmpy2 / hashlib, passlib / Cython / Numba / ctypes / PyInstaller / curses / tqdm / JupyterLab / json / psutil / urllib / zenhan / jaconv Copyright © 2017-2025, Katsunori Nakamura 2025 8 19 Python ‘ .py’ Python Python Windows PSF Python py .py Enter macOS Linux PSF Python python3 .py Enter Anaconda Prompt Python p
The string is arguably the most essential data type in programming — every programming language and software in the world uses strings in one way or another. It enables humans to easily communicate with sophisticated programs and machines. One thing that would help you a lot as a programmer is understanding how to use and manipulate strings so that you can build programs users love. Regular expres
The proposal “Pipe operator (|>) for JavaScript” (by J. S. Choi, James DiGioia, Ron Buckton and Tab Atkins) introduces a new operator. This operator is an idea borrowed from functional programming that makes applying functions more convenient in many cases. This blog post describes how the pipe operator works and what its use cases are (there are more than you might expect!). The two competing pro
WebKit Features in Safari 17.2
ContentsHTMLCSSImages and videoJavaScriptWeb APIWeb AppsWebGLPrivacyWeb InspectorFixes for Interop 2023 and moreUpdating to Safari 17.2Feedback Web technology is constantly moving forward, with both big new features and small subtle adjustments. Nowadays, web developers expect web browsers to update multiple times a year, instead of the once or twice a year typical of the late 2000s — or the once
Jun 10, 2024 by Jen Simmons, Jon Davis, Karl Dubost, Anne van Kesteren, Marcos Cáceres, Ada Rose Canon, Tim Nguyen, Sanjana Aithal, Pascoe, and Garrett Davidson ContentsWebXRCSSWeb apps for MacSafari ExtensionsSpatial mediaHTMLMediaWebRTCPasskeysHTTPSJavaScriptWeb APICanvasWebGLWeb InspectorWKWebViewApple PayDeprecationsBug Fixes and moreHelp us Beta TestFeedback The last year has been a great one
V8’s end-tier optimizing compiler, Turbofan, is famously one of the few large-scale production compilers to use Sea of Nodes (SoN). However, since almost 3 years ago, we’ve started to get rid of Sea of Nodes and fall back to a more traditional Control-Flow Graph (CFG) Intermediate Representation (IR), which we named Turboshaft. By now, the whole JavaScript backend of Turbofan uses Turboshaft inste
Summary Introduce virtual threads to the Java Platform. Virtual threads are lightweight threads that dramatically reduce the effort of writing, maintaining, and observing high-throughput concurrent applications. This is a preview API. Goals Enable server applications written in the simple thread-per-request style to scale with near-optimal hardware utilization. Enable existing code that uses the j
I’m a fairly frequent Hacker News lurker, especially when I have some other important task that I’m avoiding. I normally head to the Active page (lots of comments, good for procrastination) and pick a nice long discussion thread to browse. So over time I’ve ended up with a good sense of what topics come up a lot. “The Bay Area is too expensive.” “There are too many JavaScript frameworks.” “Bootcam
ECMAScript proposal: RegExp flag `/v` makes character classes and character class escapes more powerful
ECMAScript proposal: RegExp flag /v makes character classes and character class escapes more powerful In this blog post, we look at the ECMAScript proposal “RegExp v flag with set notation + properties of strings” by Markus Scherer and Mathias Bynens. The new flag /v # The proposed new regular expression flag /v (.unicodeSets) enables three features: Support for multi-code-point graphemes (such a
We've talked quite a bit about linting in the past two posts of this series, so I thought it's time to give eslint the proper limelight it deserves. Overall eslint is so flexible, that you can even swap out the parser for a completely different one. That's not a rare scenario either as with the rise of JSX and TypeScript that is frequently done. Enriched by a healthy ecosystem of plugins and prese
A Deep Dive Into The Wonderful World Of SVG Displacement Filtering — Smashing Magazine
What exactly is a displacement filter? In this article, Dirk Weber will be diving into one of the most spectacular filter effects: the SVG feDisplacementMap filter primitive. In order to make it all easier to digest, Dirk has divided the article into three parts in which you’ll be exploring how the feDisplacementMap works, methods to create fancy displacement maps in SVG, and methods to animate th
After almost three years since the initial design document and hundreds of CLs in the meantime, the V8 Sandbox — a lightweight, in-process sandbox for V8 — has now progressed to the point where it is no longer considered an experimental security feature. Starting today, the V8 Sandbox is included in Chrome's Vulnerability Reward Program (VRP). While there are still a number of issues to resolve be
prompts.chat
Welcome to the “Awesome ChatGPT Prompts” repository! While this collection was originally created for ChatGPT, these prompts work great with other AI models like Claude, Gemini, Hugging Face Chat, Llama, Mistral, and more. ChatGPT is a web interface created by OpenAI that provides access to their GPT (Generative Pre-trained Transformer) language models. The underlying models, like GPT-4o and GPT-o
Comprehensive guide on React re-renders. The guide explains what re-renders are, what a necessary and unnecessary re-render is, what can trigger a React component re-render. Also includes most important patterns that can help prevent re-renders and a few anti-patterns that lead to unnecessary re-renders and poor performance as a result. Every pattern and antipattern is accompanied by a visual aid
Toggle dark mode Add WebAssembly, get performance. Is that how it really works? The incredibly unsatisfying answer is: It depends. It depends on oh-so-many factors, and I’ll be touching on some of them here. Why am I doing this? (You can skip this) I really like AssemblyScript (full disclosure: I am one of their backers). It’s a very young language with a small but passionate team that built a cus
Reading the excellent article by JeanHeyd Meneide on how broken string encoding in C/C++ is made me realise that Unicode is a topic that is often overlooked by a large number of developers. In my experience, there’s a lot of confusion and wrong expectations on what Unicode is, and what best practices to follow when dealing with strings that may contain characters outside of the ASCII range. This a
What's New In DevTools (Chrome 89) | Blog | Chrome for Developers
Debugging support for Trusted Types violations Breakpoint on Trusted Type violations You can now set breakpoints and catch exceptions on Trusted Type Violations in the Sources panel. Trusted Types API helps you prevent DOM-based cross-site scripting vulnerabilities. Learn how to write, review and maintain applications free of DOM XSS vulnerabilities with Trusted Types here. In the Sources panel, o
Why SQL template tags are not vulnerable to SQL injection attacksLearn what SQL template tags are, how they work under the hood, and why the are not vulnerable to SQL injection attacks SQL injection is one of the most well-known security vulnerabilities, allowing attackers to manipulate database queries and potentially gain unauthorized access to sensitive data. However, using our serverless drive
Join a VS Code Dev Days event near you to learn about AI-assisted development in VS Code. Update 1.57.1: The update addresses these issues. The Workspace Trust feature addresses CVE-2021-34529. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome to the May 2021 release of Visual Studio Code. There are a number of updates in this version that we ho
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
Google TypeScript Style Guide
【2020年】CTF Web問題の攻撃手法まとめ - こんとろーるしーこんとろーるぶい
How I built a modern website in 2021
The Prompt Engineering Playbook for Programmers
An Opinionated Guide to xargs
Inkbase: Programmable Ink
JS Self-Profiling API In Practice
How Stripe builds interactive docs with Markdoc
Rust to WebAssembly the hard way — surma.dev
Why Rust strings seem hard | Brandon's Website
ESLint v9.0.0 released - ESLint - Pluggable JavaScript Linter
The Ultimate Interactive JQ Guide
February 2021 (version 1.54)
The ultimate JavaScript regex guide
A pipe operator for JavaScript: introduction and use cases
News from WWDC24: WebKit in Safari 18 beta
Land ahoy: leaving the Sea of Nodes · V8
JEP 425: Virtual Threads (Preview)
Hacker News folk wisdom on visual programming
Speeding up the JavaScript ecosystem - eslint
The V8 Sandbox · V8
React re-renders guide: everything, all at once
Is WebAssembly magic performance pixie dust? — surma.dev
Unicode is harder than you think · mcilloni's blog
Why SQL template tags are not vulnerable to SQL injection attacks - Neon
May 2021 (version 1.57)