はじめに 対象イベント 読み方、使い方 Remote Code Execution(RCE) 親ディレクトリ指定によるopen_basedirのバイパス PHP-FPMのTCPソケット接続によるopen_basedirとdisable_functionsのバイパス JavaのRuntime.execでシェルを実行 Cross-Site Scripting(XSS) nginx環境でHTTPステータスコードが操作できる場合にCSPヘッダーを無効化 GoogleのClosureLibraryサニタイザーのXSS脆弱性 WebのProxy機能を介したService Workerの登録 括弧を使わないXSS /記号を使用せずに遷移先URLを指定 SOME(Same Origin Method Execution)を利用してdocument.writeを順次実行 SQL Injection MySQ
REST API Design Best Practices Handbook – How to Build a REST API with JavaScript, Node.js, and Express.js
By Jean-Marc Möckel I've created and consumed many API's over the past few years. During that time, I've come across good and bad practices and have experienced nasty situations when consuming and building API's. But there also have been great moments. There are helpful articles online which present many best practices, but many of them lack some practicality in my opinion. Knowing the theory with
GitHub - modelcontextprotocol/servers: Model Context Protocol Servers
Official integrations are maintained by companies building production ready MCP servers for their platforms. 21st.dev Magic - Create crafted UI components inspired by the best 21st.dev design engineers. 2slides - An MCP server that provides tools to convert content into slides/PPT/presentation or generate slides/PPT/presentation with user intention. ActionKit by Paragon - Connect to 130+ SaaS inte
Security is important. Nobody wants to be the person advocating for less security. So nobody wants to say it. But somebody has to say it. So I guess I’ll say it. The way npm audit works is broken. Its rollout as a default after every npm install was rushed, inconsiderate, and inadequate for the front-end tooling. Have you heard the story about the boy who cried wolf? Spoiler alert: the wolf eats t
How modern browsers work
Note: For those eager to dive deep into how browsers work, an excellent resource is Browser Engineering by Pavel Panchekha and Chris Harrelson (available at browser.engineering). Please do check it out. This article is an overview of how browsers work. Web developers often treat the browser as a black box that magically transforms HTML, CSS, and JavaScript into interactive web applications. In tru
はじめに こんにちは、morioka12 です。 本記事は、バグハンターの視点でソフトウェアサプライチェーン (Software Supply Chain)について解説する入門ブログです。 なお、本記事は昨年の LT 発表「バグハンター視点によるサプライチェーンの脆弱性」(「あなたの知らない ”サプライチェーン攻撃”を語る セキュリティ Night」, 2025年12月)をもとに、補足等を加えて再構成した入門内容になります。 speakerdeck.com https://speakerdeck.com/scgajge12/baguhantashi-dian-niyorusapuraitiennocui-ruo-xing https://x.com/scgajge12/status/1996546273403600953?s=20 注意事項 本記事で紹介する手法や事例はすべて、正規のバグバ
Jun 9, 2025 by Jen Simmons, Saron Yitbarek, Jon Davis, Richard Robinson, Eddy Wong, Brandel Zachernuk, Marcos Cáceres, Tim Nguyen, Daniel Liu, Razvan Caliman, Blaze Burg, Qianlang Chen, Brian Weinstein, Aditya Keerthi, Karl Dubost, David Johnson, Luming Yin ContentsSVG IconsEvery site can be a web app on iOS and iPadOSHDR ImagesWebKit in SwiftUI<model> on visionOSImmersive video and audio on visio
The Grug Brained Developer
The Grug Brained Developer A layman's guide to thinking like the self-aware smol brained Introduction this collection of thoughts on software development gathered by grug brain developer grug brain developer not so smart, but grug brain developer program many long year and learn some things although mostly still confused grug brain developer try collect learns into small, easily digestible and fun
週刊Railsウォッチ: Ruby 2.5〜3.1ベンチマーク、Opal 1.4、JRubyが20歳に、2022年のCSSほか(2022018後編)|TechRacho by BPS株式会社
週刊Railsウォッチについて 各記事冒頭には🔗でパーマリンクを置いてあります: 社内やTwitterでの議論などにどうぞ 「つっつきボイス」はRailsウォッチ公開前ドラフトを(鍋のように)社内有志でつっついたときの会話の再構成です👄 お気づきの点がありましたら@hachi8833までメンションをいただければ確認・対応いたします🙏 TechRachoではRubyやRailsなどの最新情報記事を平日に公開しています。TechRacho記事をいち早くお読みになりたい方はTwitterにて@techrachoのフォローをお願いします。また、タグやカテゴリごとにRSSフィードを購読することもできます(例:週刊Railsウォッチタグ) 🔗Ruby 🔗 Ruby 2.5〜3.1のベンチマークを取ってみた(Ruby Weeklyより) 元記事: Benchmarking Ruby 2.5 t
My thoughts on writing a Minecraft server from scratch (in Bash) For the past year or so, I've been thinking about writing a Minecraft server in Bash as a thought excercise. I once tried that before with the Classic protocol (the one from 2009), but I quickly realized there wasn't really a way to properly parse binary data in bash. Take the following code sample: function a() { read -n 2 uwu echo
WebKit Features in Safari 18.4
Mar 31, 2025 by Jen Simmons, Saron Yitbarek, Jon Davis, Razvan Caliman, Karl Dubost, Brady Eidson, Elika Etemad, Youenn Fablet, Matthew Finkel, Simon Fraser, Timothy Hatcher, David Johnson, Anne van Kesteren, Daniel Liu, Keith Miller, Rupin Mittal, Tim Nguyen, Pascoe, Abrar Rahman Protyasha, Richard Robinson, Lily Spiniolas, Brandon Stewart, John Wilander and Luming Yin ContentsDeclarative Web Pus
research!rsc: Floating-Point Printing and Parsing Can Be Simple And Fast (Floating Point Formatting, Part 3)
Introduction A floating point number f has the form f=m·2e where m is called the mantissa and e is a signed integer exponent. We like to read numbers scaled by powers of ten, not two, so computers need algorithms to convert binary floating-point to and from decimal text. My 2011 post “Floating Point to Decimal Conversion is Easy” argued that these conversions can be simple as long as you don’t car
Update 1.60.1: The update addresses these issues. Update 1.60.2: The update addresses these issues. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome to the August 2021 release of Visual Studio Code. There are many updates in this version that we hope you will like, some of the key highlights include: Automatic language detection - Programming l
この記事は はてなエンジニア Advent Calendar 2021 の 5 日目の記事です。 4 日目は id:anatofuz さんの 「入社してから書いていた分報の行数を眺めてみる」 でした。日報に書き込んだ行数を可視化するというアイデアが面白い! 僕も日報書いているので今度可視化してみようと思います。 anatofuz.hatenablog.com 本題 さて今回はタイトルにもある通り、Babel の話をします。Babel というのは JavaScript のトランスパイラです。 JavaScript のソースコードを入力として受け取り、適切な変換を施し、JavaScript のソースコードを出力する (トランスパイルする) ツールです。主に新しい構文で書かれた JavaScript を、古いブラウザなどでも動くよう、古い構文で書かれた JavaScript に変換するために使わ
As I've been using Next.js professionally on my employer's web app, I find the core design of their App Router and React Server Components (RSC) to be extremely frustrating. And it's not small bugs or that the API is confusing, but large disagreements about the fundamental design decisions that Vercel and the React team made when building it. The more webdev events I go to, the more I see people w
Awesome Terraform | Curated list of awesome lists | Project-Awesome.org
A curated list of resources on HashiCorp's Terraform. Your contributions are welcome! Terraform enables you to safely and predictably create, change, and improve production infrastructure. It is an open source tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned. Contents Legend Official Resources Com
Secure Payment Confirmation
Secure Payment Confirmation W3C Candidate Recommendation Draft, 14 August 2025 More details about this document This version: https://www.w3.org/TR/2025/CRD-secure-payment-confirmation-20250814/ Latest published version: https://www.w3.org/TR/secure-payment-confirmation/ Editor's Draft: https://w3c.github.io/secure-payment-confirmation/ Previous Versions: https://www.w3.org/TR/2025/CRD-secure-paym
WebKit Features in Safari 26.0
Sep 15, 2025 by Jen Simmons, Saron Yitbarek, Jon Davis, Tim Nguyen, Blaze Burg, Marcos Cáceres, Razvan Caliman, Qianlang Chen, Karl Dubost, Kiet Ho, David Johnson, Aditya Keerthi, Daniel Liu, Keith Miller, Abrar Rahman Protyasha, Richard Robinson, Kiara Rose, Ahmad Saleem, Anne van Kesteren, Brian Weinstein, Eddy Wong, Luming Yin, Brandel Zachernuk ContentsCSSEvery site can be a web app on iOS and
概要 この記事を読む対象者 生成系AI(ChatGPTなど)の連携に興味があるWordpressを使う人。 この記事の内容 WordPressの独自データを活用し、RAGを使った簡易チャット機能を構築する手順。 この記事を読んで分かること CSV+BIN形式で記事要約を埋め込み検索し、WordPress REST API経由でChatGPTに回答させる実装方法。 序説 みなさん、WordPressでのサイト運営は楽しんでいますか? 中にはフルスクラッチで構築する方もいらっしゃいますが、簡単に導入・管理ができるCMS[1]を使う方も多いのではないでしょうか。 本記事では、そんなWordPressを使いながら RAG[2] を用いた検索機能の構築を紹介します。 成果物 以下の画像のように、WordPress上に用意したチャット画面でユーザが質問を入力すると、 1. 生成AI(ChatGPT)に
From XML to JSON to CBOR - The CBOR, dCBOR, and Gordian Envelope Book
Press ← or → to navigate between chapters Press S or / to search in the book Press ? to show this help Press Esc to hide this help From XML to JSON to CBOR A Lingua Franca for Data? In modern computing, data exchange is foundational to everything from web browsing to microservices and IoT devices. The ability for different systems to represent, share, and interpret structured information drives ou
Update 1.64.1: The update addresses these security issues. Update 1.64.2: The update addresses these issues. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome to the January 2022 release of Visual Studio Code. There are many updates in this version that we hope you will like, some of the key highlights include: New Side Panel - Display more view
Release date: September 11, 2025 Update 1.104.1: The update addresses these issues. Update 1.104.2: The update addresses these issues. Update 1.104.3: The update addresses these issues. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome to the August 2025 release of Visual Studio Code. There are many updates in this version that we hope you'll li
GitHub - ComfyUI-Workflow/awesome-comfyui: A collection of awesome custom nodes for ComfyUI
ComfyUI-Gemini_Flash_2.0_Exp (⭐+172): A ComfyUI custom node that integrates Google's Gemini Flash 2.0 Experimental model, enabling multimodal analysis of text, images, video frames, and audio directly within ComfyUI workflows. ComfyUI-ACE_Plus (⭐+115): Custom nodes for various visual generation and editing tasks using ACE_Plus FFT Model. ComfyUI-Manager (⭐+113): ComfyUI-Manager itself is also a cu
I've been using Nim for about 1-2 years now, and I believe the language is undervalued. It's not perfect, of course, but it's pleasant to write and read. My personal website uses Nim. After reading a recent article on Nim ("Why Nim") and the associated HN comments, it's clear that comments and some information about Nim are misleading and outdated. Since Nim 2, a tracing Garbage Collector is not t
Update 1.89.1: The update addresses these issues. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome to the April 2024 release of Visual Studio Code. There are many updates in this version that we hope you'll like, some of the key highlights include: Preview Markdown images & videos - Hover over a link to preview images & videos in Markdown. Enha
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
【2020年】CTF Web問題の攻撃手法まとめ - こんとろーるしーこんとろーるぶい
npm audit: Broken by Design — overreacted
バグハンター視点によるソフトウェアサプライチェーン入門 - blog of morioka12
News from WWDC25: WebKit in Safari 26 beta
My thoughts on writing a Minecraft server from scratch (in Bash)
August 2021 (version 1.60)
Babel をリファクタリングツールとして使う - mizdra's blog
One Year with Next.js App Router — Why We're Moving On
ChatGPTにサイトを丸ごと読ませる!? WordPress×RAGで進化するQ&A
January 2022 (version 1.64)
August 2025 (version 1.104)
A Review of Nim 2: The Good & Bad with Example Code
April 2024 (version 1.89)