並び順

ブックマーク数

期間指定

  • から
  • まで

1 - 40 件 / 45件

新着順 人気順

javascript string array join new lineの検索結果1 - 40 件 / 45件

  • 【2020年】CTF Web問題の攻撃手法まとめ - こんとろーるしーこんとろーるぶい

    はじめに 対象イベント 読み方、使い方 Remote Code Execution(RCE) 親ディレクトリ指定によるopen_basedirのバイパス PHP-FPMのTCPソケット接続によるopen_basedirとdisable_functionsのバイパス JavaのRuntime.execでシェルを実行 Cross-Site Scripting(XSS) nginx環境でHTTPステータスコードが操作できる場合にCSPヘッダーを無効化 GoogleのClosureLibraryサニタイザーのXSS脆弱性 WebのProxy機能を介したService Workerの登録 括弧を使わないXSS /記号を使用せずに遷移先URLを指定 SOME(Same Origin Method Execution)を利用してdocument.writeを順次実行 SQL Injection MySQ

      【2020年】CTF Web問題の攻撃手法まとめ - こんとろーるしーこんとろーるぶい
    • 防衛省サイバーコンテスト 2025 writeup - st98 の日記帳 - コピー

      2/2に12時間というちょうどよい競技時間で開催された。21時終了だったけれども、11時45分ぐらいに最速で全完して1位🎉 第1回以来4年ぶりの優勝だ。昨年大会の第4回ではヒントの閲覧数で優勝を逃してしまって悔しい思いをしたので、雪辱を果たすことができ嬉しい。開始直後からずっと1位を独走できており、510名のプレイヤーがいる中で圧勝だったのも嬉しい。 昨年度や一昨年度はバルクが作問を担当していたが、今回はAGESTが担当していた。これまでの問題と比較すると全体的に易化したように思うが、解くにあたって発想の大きな飛躍を必要とするいわゆる「エスパー要素」のある問題はごく一部を除いて存在しておらず*1、よかったと思う。また、昨年度・一昨年度に引き続きwriteupは公開可能というのもよかった。 戦略というほどの戦略は立てていなかったけれども、とりあえずWebを見た後は全カテゴリを上から見ていき

        防衛省サイバーコンテスト 2025 writeup - st98 の日記帳 - コピー
      • プロと読み解く Ruby 3.1 NEWS - クックパッド開発者ブログ

        技術部の笹田(ko1)と遠藤(mame)です。クックパッドで Ruby (MRI: Matz Ruby Implementation、いわゆる ruby コマンド) の開発をしています。お金をもらって Ruby を開発しているのでプロの Ruby コミッタです。 本日 12/25 に、ついに Ruby 3.1.0 がリリースされました(Ruby 3.1.0 リリース )。今年も Ruby 3.1 の NEWS.md ファイルの解説をします。NEWS ファイルとは何か、は以前の記事を見てください。 プロと読み解く Ruby 2.6 NEWS ファイル - クックパッド開発者ブログ プロと読み解くRuby 2.7 NEWS - クックパッド開発者ブログ プロと読み解くRuby 3.0 NEWS - クックパッド開発者ブログ 本記事は新機能を解説することもさることながら、変更が入った背景や苦労な

          プロと読み解く Ruby 3.1 NEWS - クックパッド開発者ブログ
        • WebAssemblyを用いてBERTモデルをフロントエンドで動かす - OPTiM TECH BLOG

          はじめまして。R&Dチーム所属、20.5卒の伊藤です。 普段の業務では自然言語処理と格闘していることが多いです。 今回は自然言語処理モデルとして有名なBERTをWebAssemblyを使用してフロントエンドで動かしてみた話になります。 最近、自然言語処理ライブラリとして普段お世話になっているHugging Face社のTransformersのTokenizerがRustで実装されていることを知り、それならばWebAssemblyにコンパイルして動かせるのではないかと試したみたのがきっかけです。 Tokenizerのみ動かしても実用性に乏しいため、Tokenizerから得られた結果からBERTを用いた推論をブラウザで動作させるまでを行い、備忘録がでら手順をまとめました。 どなたかの参考になれば幸いです。 8/26追記 本記事内のコードを含むリポジトリを公開しました!Dockerを使用してブ

            WebAssemblyを用いてBERTモデルをフロントエンドで動かす - OPTiM TECH BLOG
          • WebKit Features in Safari 16.4

            Mar 27, 2023 by Patrick Angle, Marcos Caceres, Razvan Caliman, Jon Davis, Brady Eidson, Timothy Hatcher, Ryosuke Niwa, and Jen Simmons ContentsWeb Push on iOS and iPadOSImprovements for Web AppsWeb ComponentsCSSHTMLJavaScript and WebAssemblyWeb APIImages, Video, and AudioWKWebViewDeveloper ToolingWeb InspectorSafari Web ExtensionsSafari Content BlockersNew Restrictions in Lockdown ModeMore Improve

              WebKit Features in Safari 16.4
            • プロと読み解くRuby 4.0 NEWS - STORES Product Blog

              プロと読み解くRuby 4.0 NEWS テクノロジー部門技術推進グループの笹田(ko1)と遠藤(mame)です。Ruby (MRI: Matz Ruby Implementation、いわゆる ruby コマンド) の開発をしています。お金をもらって Ruby を開発しているのでプロの Ruby コミッタです。 本日 12/25 に、恒例のクリスマスリリースとして、Ruby 4.0.0 がリリースされました(Ruby 4.0.0 リリース | Ruby)。今年も STORES Product Blog にて Ruby 4.0 の NEWS.md ファイルの解説をします(ちなみに、STORES Advent Calendar 2025 の記事になります。他も読んでね)。NEWS ファイルとは何か、は以前の記事を見てください。 プロと読み解く Ruby 2.6 NEWS ファイル - クック

                プロと読み解くRuby 4.0 NEWS - STORES Product Blog
              • Writing a C compiler in 500 lines of Python

                A few months ago, I set myself the challenge of writing a C compiler in 500 lines of Python1, after writing my SDF donut post. How hard could it be? The answer was, pretty hard, even when dropping quite a few features. But it was also pretty interesting, and the result is surprisingly functional and not too hard to understand! There's too much code for me to comprehensively cover in a single blog

                • Prettier 3.0: Hello, ECMAScript Modules! · Prettier

                  We are excited to announce the release of the new version of Prettier! We have made the migration to using ECMAScript Modules for all our source code. This change has significantly improved the development experience for the Prettier team. Please rest assured that when using Prettier as a library, you can still use it as CommonJS as well. This update comes with several breaking changes. One notabl

                    Prettier 3.0: Hello, ECMAScript Modules! · Prettier
                  • CVE-2024-4367 - Arbitrary JavaScript execution in PDF.js - Codean Labs

                    This post details CVE-2024-4367, a vulnerability in PDF.js found by Codean Labs. PDF.js is a JavaScript-based PDF viewer maintained by Mozilla. This bug allows an attacker to execute arbitrary JavaScript code as soon as a malicious PDF file is opened. This affects all Firefox users (<126) because PDF.js is used by Firefox to show PDF files, but also seriously impacts many web- and Electron-based a

                      CVE-2024-4367 - Arbitrary JavaScript execution in PDF.js - Codean Labs
                    • RubyKaigi 2024 参加レポート - ZOZO TECH BLOG

                      こんにちは、DevRelブロックのikkouです。2024年5月15日から17日の3日間にわたり沖縄県は那覇市で「RubyKaigi 2024」が開催されました。ZOZOは例年同様プラチナスポンサーとして協賛し、スポンサーブースを出展しました。 technote.zozo.com ZOZOとWEARとRubyKaigi エンジニアによるセッション紹介 Generating a custom SDK for your web service or Rails API Namespace, What and Why YJIT Makes Rails 1.7x Faster Using Ruby in the browser is wonderful. An adventure of Happy Eyeballs Embedding it into Ruby code Unlocking Pot

                        RubyKaigi 2024 参加レポート - ZOZO TECH BLOG
                      • Railsとdoorkeeper-openid_connectやOmniAuth を使って、OpenID Connectの OpenID Provider と Relying Party を作ってみた - メモ的な思考的な

                        OAuth2やOpenID Connectの理解を深めようと思い、 OAuth徹底入門 セキュアな認可システムを適用するための原則と実践(Justin Richer Antonio Sanso 須田 智之 Authlete, Inc.)|翔泳社の本 Auth屋さんの書籍 【電子版】雰囲気でOAuth2.0を使っているエンジニアがOAuth2.0を整理して、手を動かしながら学べる本 - Auth屋 - BOOTH 【電子版】OAuth、OAuth認証、OpenID Connectの違いを整理して理解できる本 - Auth屋 - BOOTH 【電子版】OAuth・OIDCへの攻撃と対策を整理して理解できる本(リダイレクトへの攻撃編 - Auth屋 - BOOTH OAuth認証とは何か?なぜダメなのか - 2020冬 - r-weblife OAuth & OpenID Connect 関連仕

                          Railsとdoorkeeper-openid_connectやOmniAuth を使って、OpenID Connectの OpenID Provider と Relying Party を作ってみた - メモ的な思考的な
                        • Golang Mini Reference 2022: A Quick Guide to the Modern Go Programming Language (REVIEW COPY)

                          Golang Mini Reference 2022 A Quick Guide to the Modern Go Programming Language (REVIEW COPY) Harry Yoon Version 0.9.0, 2022-08-24 REVIEW COPY This is review copy, not to be shared or distributed to others. Please forward any feedback or comments to the author. • feedback@codingbookspress.com The book is tentatively scheduled to be published on September 14th, 2022. We hope that when the release da

                          • Weird Lexical Syntax

                            I just learned 42 programming languages this month to build a new syntax highlighter for llamafile. I feel like I'm up to my eyeballs in programming languages right now. Now that it's halloween, I thought I'd share some of the spookiest most surprising syntax I've seen. The languages I decided to support are Ada, Assembly, BASIC, C, C#, C++, COBOL, CSS, D, FORTH, FORTRAN, Go, Haskell, HTML, Java,

                              Weird Lexical Syntax
                            • Mastodon: Ruby on Rails Open Source Web App

                              The product https://joinmastodon.org Mastodon is a free, open-source social network server based on ActivityPub where users can follow friends and discover new ones. On Mastodon, users can publish anything they want: links, pictures, text, and video. All Mastodon servers are interoperable as a federated network. Open source The project is open source at https://github.com/mastodon/mastodon License

                                Mastodon: Ruby on Rails Open Source Web App
                              • The Ultimate Interactive JQ Guide

                                The Ultimate Interactive JQ Guide Learn how to search, query, and modify JSON data with 25 interactive jq examples and explanations Cover Photo by Pixabay Has this ever happened to you? You’ve just received a massive JSON file that looks like it was designed to confuse you. Or maybe you entered a command, and you got so much JSON that it looks incomprehensible. Important: Level up your jq skills w

                                  The Ultimate Interactive JQ Guide
                                • July 2022 (version 1.70)

                                  Join a VS Code Dev Days event near you to learn about AI-assisted development in VS Code. Update 1.70.1: The update addresses these issues. Update 1.70.2: The update addresses these issues. Update 1.70.3: This update is only available for Windows 7 users and is the last release supporting Windows 7. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welc

                                    July 2022 (version 1.70)
                                  • NakedJSX - Use JSX without React

                                    Use JSX without ReactNakedJSX is a command-line tool for generating HTML files from JSX. The output is pure HTML and CSS - unless you choose to add your own JavaScript. This is an overview. Please refer to the documentation for a detailed look at each feature. This page was built using NakedJSX. You can look at its source. At a GlanceGenerate static HTML files from JSX by running an npx command. S

                                    • Regexide

                                      Why XML Comments matter XML is a popular format for storing and sharing data. It was explicitly designed for people and programs to read and write data.[1] From spreadsheets to save states, most modern software and games parse and write XML. XML comments are special notes that parsers should not treat as data. XML comments start with <!-- and end with -->. Technically XML comments must not contain

                                      • April 2025 (version 1.100)

                                        Version 1.108 is now available! Read about the new features and fixes from December. Release date: May 8, 2025 Update: Enable Next Edit Suggestions (NES) by default in VS Code Stable (more...). Update 1.100.1: The update addresses these security issues. Update 1.100.2: The update addresses these issues. Update 1.100.3: The update addresses these issues. Downloads: Windows: x64 Arm64 | Mac: Univers

                                          April 2025 (version 1.100)
                                        • Typescript Runtime Validators and DX, a type-checking performance analysis of zod/superstruct/yup/typebox

                                          Typescript Runtime Validators and DX, a type-checking performance analysis of zod/superstruct/yup/typebox Preface In 2023, Typescript is rarely questioned as an important tool for modern JavaScript developers, but one of its biggest limitations is the lack of added runtime type safety, particularly when dealing with IO at the boundaries of your application. To solve this problem a number of popula

                                            Typescript Runtime Validators and DX, a type-checking performance analysis of zod/superstruct/yup/typebox
                                          • A pipe operator for JavaScript: introduction and use cases

                                            The proposal “Pipe operator (|>) for JavaScript” (by J. S. Choi, James DiGioia, Ron Buckton and Tab Atkins) introduces a new operator. This operator is an idea borrowed from functional programming that makes applying functions more convenient in many cases. This blog post describes how the pipe operator works and what its use cases are (there are more than you might expect!). The two competing pro

                                            • My thoughts on writing a Minecraft server from scratch (in Bash)

                                              My thoughts on writing a Minecraft server from scratch (in Bash) For the past year or so, I've been thinking about writing a Minecraft server in Bash as a thought excercise. I once tried that before with the Classic protocol (the one from 2009), but I quickly realized there wasn't really a way to properly parse binary data in bash. Take the following code sample: function a() { read -n 2 uwu echo

                                              • MAI-Thinking-1: Building a Hill-Climbing Machine

                                                MAI-Thinking-1: Building a Hill-Climbing Machine The Microsoft AI Team 1 Abstract Progress in AI is driven not by a single model, but by the ability to continually improve upon the current state of models. Achieving this requires treating model development as a system-level optimization problem, for which the solution is building a hill-climbing machine for rapid improvement. Our process includes

                                                • Biome v2.4—Embedded Snippets, HTML Accessibility, and Better Framework Support

                                                  Biome v2.4 is the first minor release of the year! After more than ten patches from v2.3, today we bring to you a new version that contains many new features! Once you have upgraded to Biome v2.4.0, migrate your Biome configuration to the new version by running the migrate command: biome migrate --write Highlights Among all the features shipped in this release, here are the ones we think you’re go

                                                    Biome v2.4—Embedded Snippets, HTML Accessibility, and Better Framework Support
                                                  • JEP 425: Virtual Threads (Preview)

                                                    Summary Introduce virtual threads to the Java Platform. Virtual threads are lightweight threads that dramatically reduce the effort of writing, maintaining, and observing high-throughput concurrent applications. This is a preview API. Goals Enable server applications written in the simple thread-per-request style to scale with near-optimal hardware utilization. Enable existing code that uses the j

                                                    • Frozen String Literals: Past, Present, Future?

                                                      If you are a Rubyist, you’ve likely been writing # frozen_string_literal: true at the top of most of your Ruby source code files, or at the very least, that you’ve seen it in some other projects. Based on informal discussions at conferences and online, it seems that what this magic comment really is about is not always well understood, so I figured it would be worth talking about why it’s there, w

                                                      • prompts.chat - AI Prompts Community

                                                        --- name: skill-creator description: Guide for creating effective skills. This skill should be used when users want to create a new skill (or update an existing skill) that extends Claude's capabilities with specialized knowledge, workflows, or tool integrations. license: Complete terms in LICENSE.txt --- # Skill Creator This skill provides guidance for creating effective skills. ## About Skills S

                                                          prompts.chat - AI Prompts Community
                                                        • ROFL with a LOL: rewriting an NGINX module in Rust

                                                          ROFL with a LOL: rewriting an NGINX module in Rust2023-02-24 At Cloudflare, engineers spend a great deal of time refactoring or rewriting existing functionality. When your company doubles the amount of traffic it handles every year, what was once an elegant solution to a problem can quickly become outdated as the engineering constraints change. Not only that, but when you're averaging 40 million r

                                                            ROFL with a LOL: rewriting an NGINX module in Rust
                                                          • WebKit Features for Safari 26.2

                                                            Safari 26.2 is a big release. Packed with 62 new features, this release aims to make your life as a web developer easier by replacing long-standing frustrations with elegant solutions. You’ll find simpler ways to create common UI patterns with just a few lines of HTML or CSS, and no JavaScript — like auto-growing text fields with CSS field-sizing, and buttons that open/close dialogs and popovers w

                                                              WebKit Features for Safari 26.2
                                                            • August 2021 (version 1.60)

                                                              Update 1.60.1: The update addresses these issues. Update 1.60.2: The update addresses these issues. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome to the August 2021 release of Visual Studio Code. There are many updates in this version that we hope you will like, some of the key highlights include: Automatic language detection - Programming l

                                                                August 2021 (version 1.60)
                                                              • Why We Use Julia, 10 Years Later

                                                                Exactly ten years ago today, we published "Why We Created Julia", introducing the Julia project to the world. At this point, we have moved well past the ambitious goals set out in the original blog post. Julia is now used by hundreds of thousands of people. It is taught at hundreds of universities and entire companies are being formed that build their software stacks on Julia. From personalized me

                                                                  Why We Use Julia, 10 Years Later
                                                                • One Year with Next.js App Router — Why We're Moving On

                                                                  As I’ve been using Next.js professionally on my employer’s web app, I find the core design of their App Router and React Server Components (RSC) to be extremely frustrating. And it’s not small bugs or that the API is confusing, but large disagreements about the fundamental design decisions that Vercel and the React team made when building it. The more webdev events I go to, the more I see people w

                                                                    One Year with Next.js App Router — Why We're Moving On
                                                                  • Secure Payment Confirmation

                                                                    Secure Payment Confirmation W3C Candidate Recommendation Draft, 4 June 2026 More details about this document This version: https://www.w3.org/TR/2026/CRD-secure-payment-confirmation-20260604/ Latest published version: https://www.w3.org/TR/secure-payment-confirmation/ Editor's Draft: https://w3c.github.io/secure-payment-confirmation/ Previous Versions: https://www.w3.org/TR/2026/CRD-secure-payment

                                                                    • The simplicity of Prolog

                                                                      Back to homepage Nowadays the most popular programming languages are Python, Javascript, Java, C++, C#, Kotlin and Ruby, and the average programmer is probably familiar with one or more of these languages. It's relatively easy to switch from one to another (barring any framework specific knowledge that may be needed), since they are all imperative (and for the most part object-oriented) languages,

                                                                      • Rust in Perspective

                                                                        We are discussing and working toward adding the language Rust as a second implementation language in the Linux kernel. A year ago Jake Edge made an excellent summary of the discussions so far on Rust for the Linux kernel and we (or rather Miguel and Wedson) have made further progress since then. For the record I think this is overall a good idea and worth a try. I wanted to add some background tha

                                                                          Rust in Perspective
                                                                        • May 2024 (version 1.90)

                                                                          Update 1.90.2: The update addresses these issues. Update 1.90.1: The update addresses these issues. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome to the May 2024 release of Visual Studio Code. There are many updates in this version that we hope you'll like, some of the key highlights include: Editor tabs multi-select - Select and perform act

                                                                            May 2024 (version 1.90)
                                                                          • JavaScript naming conflicts: How existing code can force proposed features to be renamed

                                                                            JavaScript naming conflicts: How existing code can force proposed features to be renamed Sometimes the name of a proposed feature (a method, a global variable, etc.) clashes with existing code and has to be changed. This blog post explains how that can happen and lists features that were renamed. Evolving JavaScript: Don’t break the web!  # One core principle for evolving JavaScript is to not “bre

                                                                            • How to Write Shell Scripts in Node with Google's zx Library — SitePoint

                                                                              In this article, we’ll learn what Google’s zx library provides, and how we can use it to write shell scripts with Node.js. We’ll then learn how to use the features of zx by building a command-line tool that helps us bootstrap configuration for new Node.js projects. Writing Shell Scripts: the Problem Creating a shell script — a script that’s executed by a shell such as Bash or zsh — can be a great

                                                                                How to Write Shell Scripts in Node with Google's zx Library — SitePoint
                                                                              • Renato Athaydes

                                                                                Revisiting Prechelt’s paper and follow-ups comparing Java, Lisp, C/C++ and scripting languages A discussion on programming languages' impact on productivity and program efficiency. In 1999, Lutz Prechelt published a seminal article on the COMMUNICATIONS OF THE ACM (October 1999/Vol. 42, No. 10) called Comparing Java vs. C/C++ Efficiency Differences to Interpersonal Differences, henceforth Java VS

                                                                                • Combobulate: Structured Movement and Editing with Tree-Sitter

                                                                                  Combobulate: Structured Movement and Editing with Tree-Sitter Combobulate is a package that adds advanced structured editing and movement to many programming modes in Emacs. Here's how it works, and how it can enrich your editing experience in Emacs. About a year ago I released an alpha – prototype, really – version of a tool I call Combobulate. I’d been using it personally for a while before I le

                                                                                    Combobulate: Structured Movement and Editing with Tree-Sitter