はじめに 対象イベント 読み方、使い方 Remote Code Execution(RCE) 親ディレクトリ指定によるopen_basedirのバイパス PHP-FPMのTCPソケット接続によるopen_basedirとdisable_functionsのバイパス JavaのRuntime.execでシェルを実行 Cross-Site Scripting(XSS) nginx環境でHTTPステータスコードが操作できる場合にCSPヘッダーを無効化 GoogleのClosureLibraryサニタイザーのXSS脆弱性 WebのProxy機能を介したService Workerの登録 括弧を使わないXSS /記号を使用せずに遷移先URLを指定 SOME(Same Origin Method Execution)を利用してdocument.writeを順次実行 SQL Injection MySQ
How I built a modern website in 2021September 29th, 2021 — 34 min read For over half of 2021, I worked on a complete rewrite of kentcdodds.com. You're reading this on the rewrite of this site! Are you using dark mode or light mode? Have you signed in and selected your team yet? Have you tried to call into the Call Kent Podcast? This blog post isn't about these and other features of the new site, b
ブラウザで動作する地理空間データ処理ライブラリとして DuckDB-wasm を使い、 SQL を TypeScript で管理する仕組みを作る - newmo 技術ブログ
newmo では、地図データや地理情報を扱う場面が多くあります。 たとえば、タクシーやライドシェアでは、営業区域のような営業していいエリアといった地理的な定義があります。 また、乗り入れ禁止区域のようなタクシーが乗り入れてはいけないエリアといった定義も必要になります。 これらの地理に関する定義は GeoJSON のような地理情報を扱うデータ形式で管理されることが多いです。 しかし、GeoJSONなどの定義をテキストとして手書きするのは困難です。 そのため、地図上に区域を作図するエディタやその定義した区域が正しいかをチェックするような管理ツールが必要です。 管理ツールは、ウェブアプリケーションとして作った方が利用できる環境が広がります。 このような地理情報は一度に扱うデータが多かったり、空間的な計算処理が必要になるため、専用の仕組みを使うことが多いです。 このような技術を、地理情報システム(
技術部の笹田(ko1)と遠藤(mame)です。クックパッドで Ruby (MRI: Matz Ruby Implementation、いわゆる ruby コマンド) の開発をしています。お金をもらって Ruby を開発しているのでプロの Ruby コミッタです。 本日 12/25 に、ついに Ruby 3.1.0 がリリースされました(Ruby 3.1.0 リリース )。今年も Ruby 3.1 の NEWS.md ファイルの解説をします。NEWS ファイルとは何か、は以前の記事を見てください。 プロと読み解く Ruby 2.6 NEWS ファイル - クックパッド開発者ブログ プロと読み解くRuby 2.7 NEWS - クックパッド開発者ブログ プロと読み解くRuby 3.0 NEWS - クックパッド開発者ブログ 本記事は新機能を解説することもさることながら、変更が入った背景や苦労な
技術部の笹田(ko1)と遠藤(mame)です。クックパッドで Ruby (MRI: Matz Ruby Implementation、いわゆる ruby コマンド) の開発をしています。お金をもらって Ruby を開発しているのでプロの Ruby コミッタです。 昨日 12/25 に、恒例のクリスマスリリースとして、Ruby 3.2.0 がリリースされました(Ruby 3.2.0 リリース)。今年も Ruby 3.2 の NEWS.md ファイルの解説をします。NEWS ファイルとは何か、は以前の記事を見てください。 プロと読み解く Ruby 2.6 NEWS ファイル - クックパッド開発者ブログ プロと読み解くRuby 2.7 NEWS - クックパッド開発者ブログ プロと読み解くRuby 3.0 NEWS - クックパッド開発者ブログ プロと読み解く Ruby 3.1 NEWS -
REST API Design Best Practices Handbook – How to Build a REST API with JavaScript, Node.js, and Express.js
By Jean-Marc Möckel I've created and consumed many API's over the past few years. During that time, I've come across good and bad practices and have experienced nasty situations when consuming and building API's. But there also have been great moments. There are helpful articles online which present many best practices, but many of them lack some practicality in my opinion. Knowing the theory with
Developers are increasingly relying on AI coding assistants to accelerate our daily workflows. These tools can autocomplete functions, suggest bug fixes, and even generate entire modules or MVPs. Yet, as many of us have learned, the quality of the AI’s output depends largely on the quality of the prompt you provide. In other words, prompt engineering has become an essential skill. A poorly phrased
Today we are excited to announce the availability of TypeScript 6.0! If you are not familiar with TypeScript, it’s a language that builds on JavaScript by adding syntax for types, which enables type-checking to catch errors, and provide rich editor tooling. You can learn more about TypeScript and how to get started on the TypeScript website. But if you’re already familiar with the language, you ca
IDEs CLion DataGrip DataSpell Fleet GoLand IntelliJ IDEA PhpStorm PyCharm RustRover Rider RubyMine WebStorm Plugins & Services Big Data Tools Code With Me JetBrains Platform Scala Toolbox App Writerside JetBrains AI Grazie Junie JetBrains for Data Kineto Team Tools Datalore Space TeamCity Upsource YouTrack Hub Qodana CodeCanvas Matter .NET & Visual Studio .NET Tools ReSharper C++ Languages & Frame
「(わりと)任意」、と書きましたが実際には AppleScript をサポートしている Application が対象で、基本的に AppleScript で取得できる情報については全て取得できるはずです。現状では read のみ実装しています。 ソースコードはこちら 使い方 実行中の Google Chrome に対して incognito の window で開いている tab の title と url が欲しい、という query を実行してみている例です。 npx で試す とりあえずサクッと試す場合は npx jxa-graphql server <appPath> で試せます。curl でも良いですし Apollo Sandbox の Explorer などを使っても良いでしょう。 $ npx jxa-graphql serve /Applications/Google\ Ch
Today we’re excited to announce the release of TypeScript 5.1! If you’re not yet familiar with TypeScript, it’s a language that builds on JavaScript by adding constructs called types. These types can describe some details about our program, and can be checked by TypeScript before they’re compiled away in order to catch possible typos, logic bugs and more. TypeScript also uses these types to provid
Today we’re excited to announce the release of TypeScript 4.8! If you’re not yet familiar with TypeScript, it’s a language that builds on JavaScript and adds syntax for types. These types let you put your expectations and assumptions into your code, and those assumptions can then be checked by the TypeScript type-checker. This checking can help avoid typos, calling uninitialized values, mixing up
Today we are announcing the beta release of TypeScript 6.0! To get started using the beta, you can get it through npm with the following command: npm install -D typescript@beta TypeScript 6.0 is a unique release in that we intend for it to be the last release based on the current JavaScript codebase. As announced last year (with recent updates here), we are working on a new codebase for the TypeSc
Today we excited to announce the availability of TypeScript 5.7! If you’re not familiar with TypeScript, it’s a language that builds on JavaScript by adding syntax for type declarations and annotations. This syntax can be used by the TypeScript compiler to type-check our code, and it can also be erased to emit clean, idiomatic JavaScript code. Type-checking is helpful because it can catch bugs in
On January 14, 2006, John Resig introduced a JavaScript library called jQuery at BarCamp in New York City. Now, 20 years later, the jQuery team is happy to announce the final release of jQuery 4.0.0. After a long development cycle and several pre-releases, jQuery 4.0.0 brings many improvements and modernizations. It is the first major version release in almost 10 years and includes some breaking c
9 Times the Web Platform Was Influenced by Libraries | Jad Joubran
The web platform didn't invent most of its best APIs. It caught up to them. Libraries did the R&D work in production. They got tested by thousands of developers across thousands of codebases, which is the kind of feedback you can't simulate. They got bug reports. They iterated. And, the patterns that survived eventually became part of the platform itself. If you've been writing JavaScript for a wh
All JavaScript and TypeScript Features of the last 3 years
TypeScript as envisioned by Stable DiffusionThis article goes through almost all of the changes of the last 3 years (and some from earlier) in JavaScript / ECMAScript and TypeScript . Not all of the following features will be relevant to you or even practical, but they should instead serve to show what’s possible and to deepen your understanding of these languages. There are a lot of TypeScript fe
Introduction JavaScript Object Notation (JSON) is a simple data interchange format. Almost 15 years ago, we wrote about support for JSON in Go, which introduced the ability to serialize and deserialize Go types to and from JSON data. Since then, JSON has become the most popular data format used on the Internet. It is widely read and written by Go programs, and encoding/json now ranks as the 5th mo
In the early 90’s, being a frisian kid obsessed with computers there weren’t a ton of ways to get access to new software or learn more about computers. The two main ways were exchanging 3.5” diskettes with friends, or go to the library. One book I remember more than others was “Windows for Kinderen” (“Windows for Kids”) by Addo Stuur. I must have been around 10 years old and was obsessed by this b
The product https://joinmastodon.org Mastodon is a free, open-source social network server based on ActivityPub where users can follow friends and discover new ones. On Mastodon, users can publish anything they want: links, pictures, text, and video. All Mastodon servers are interoperable as a federated network. Open source The project is open source at https://github.com/mastodon/mastodon License
バグバウンティにおける XSS の具体的な脅威の事例まとめ - blog of morioka12
1. 始めに こんにちは、morioka12 です。 本稿では、バグバウンティで実際にあった脆弱性報告の事例をもとに、XSS の具体的な脅威(Impact)についていくつか紹介します。 1. 始めに 免責事項 想定読者 2. XSS (Cross Site Scripting) HackerOne Top 10 Vulnerability Types Escalation (Goal) 3. XSS の脅威 (Impact) 3.1 Response Body から Session ID の奪取 3.2 Local Storage から Access Token の奪取 3.3 IndexedDB から Session Data の奪取 3.4 メールアドレスの改ざん 3.5 パスワードの改ざん 3.6 管理者アカウントの招待 3.7 POST Based Reflected XSS 4.
Parsing SQL - Strumenta
The code for this tutorial is on GitHub: parsing-sql SQL is a language to handle data in a relational database. If you worked with data you have probably worked with SQL. In this article we will talk about parsing SQL. It is in the same league of HTML: maybe you never learned it formally but you kind of know how to use it. That is great because if you know SQL, you know how to handle data. However
Speeding up the JavaScript ecosystem - Rust and JavaScript Plugins
Over the past year (2024) there has been a strong movement to rewrite JavaScript tools in Rust to make them faster. Rust is well suited for this as it runs much closer to hardware and doesn't rely on garbage collection. This makes it an ideal candidate for computationally intensive tasks. Linting in its basic form is such a task, as it involves parsing and traversing lots of source code. But there
Today we’re excited to announce the release of TypeScript 5.5! If you’re not familiar with TypeScript, it’s a language that builds on top of JavaScript by making it possible to declare and describe types. Writing types in our code allows us to explain intent and have other tools check our code to catch mistakes like typos, issues with null and undefined, and more. Types also power TypeScript’s edi
Today we're excited to announce the release of Vue 3.4 "🏀 Slam Dunk"! This release includes some substantial internal improvements - most notably a rewritten template parser that is 2x faster, and a refactored reactivity system that makes effect triggering more accurate and efficient. It also packs a number of quality-of-life API improvements, including the stabilization of defineModel and a new
Today we are excited to announce the Release Candidate (RC) of TypeScript 6.0! To get started using the RC, you can get it through npm with the following command: npm install -D typescript@rc TypeScript 6.0 is a unique release in that we intend for it to be the last release based on the current JavaScript codebase. As announced last year (with recent updates here), we are working on a new codebase
Today we are announcing the availability of TypeScript 5.7 Beta. To get started using the beta, you can get it through npm with the following command: npm install -D typescript@beta Let’s take a look at what’s new in TypeScript 5.7! Checks for Never-Initialized Variables For a long time, TypeScript has been able to catch issues when a variable has not yet been initialized in all prior branches. le
When a single-page application needs to fetch data from a remote source, it needs to do so while remaining responsive and providing feedback to the user during an often slow query. Five patterns help with this. Asynchronous State Handler wraps these queries with meta-queries for the state of the query. Parallel Data Fetching minimizes wait time. Fallback Markup specifies fallback displays in marku
Today we’re announcing our beta release of TypeScript 5.1! To get started using the beta, you can get it through NuGet, or through npm with the following command: npm install -D typescript@beta Here’s a quick list of what’s new in TypeScript 5.1! Easier Implicit Returns for undefined-Returning Functions Unrelated Types for Getters and Setters Decoupled Type-Checking Between JSX Elements and JSX Ta
Designing a Dataflow Editor With TypeScript and React | Protocol Labs Research
This is a design report – a story about the tradeoffs and challenges that we encountered while building a medium-complexity React component in TypeScript. These include state modeling (“making illegal states unrepresentable”) basic type-level programming in TypeScript DX patterns for generically typed React components DX patterns for reusable controlled components using a Redux-like action/dispatc
The year is 2023 and we’ve released Node.js v20. It’s a significant accomplishment, and this article aims to use scientific numbers to assess the state of Node.js’ performance. All the benchmark results contain a reproducible example and hardware details. To reduce the noise for regular readers, the reproducible steps will be collapsed at the beginning of all sections. This article aims to provide
JSON.stringify is a core JavaScript function for serializing data. Its performance directly affects common operations across the web, from serializing data for a network request to saving data to localStorage. A faster JSON.stringify translates to quicker page interactions and more responsive applications. That’s why we’re excited to share that a recent engineering effort has made JSON.stringify i
WebKit Features in Safari 17.2
ContentsHTMLCSSImages and videoJavaScriptWeb APIWeb AppsWebGLPrivacyWeb InspectorFixes for Interop 2023 and moreUpdating to Safari 17.2Feedback Web technology is constantly moving forward, with both big new features and small subtle adjustments. Nowadays, web developers expect web browsers to update multiple times a year, instead of the once or twice a year typical of the late 2000s — or the once
Today we are excited to announce the availability of TypeScript 5.5 Beta. To get started using the beta, you can get it through NuGet, or through npm with the following command: npm install -D typescript@beta Here’s a quick list of what’s new in TypeScript 5.5! Inferred Type Predicates Control Flow Narrowing for Constant Indexed Accesses Type Imports in JSDoc Regular Expression Syntax Checking Iso
Node.js
Notable Changes Permission Model Node.js now has an experimental feature called the Permission Model. It allows developers to restrict access to specific resources during program execution, such as file system operations, child process spawning, and worker thread creation. The API exists behind a flag --experimental-permission which when enabled will restrict access to all available permissions. B
My thoughts on writing a Minecraft server from scratch (in Bash) For the past year or so, I've been thinking about writing a Minecraft server in Bash as a thought excercise. I once tried that before with the Classic protocol (the one from 2009), but I quickly realized there wasn't really a way to properly parse binary data in bash. Take the following code sample: function a() { read -n 2 uwu echo
Today we are excited to announce the availability of the release candidate of TypeScript 5.5. To get started using the RC, you can get it through NuGet, or through npm with the following command: npm install -D typescript@rc Here’s a quick list of what’s new in TypeScript 5.5! Inferred Type Predicates Control Flow Narrowing for Constant Indexed Accesses Type Imports in JSDoc Regular Expression Syn
2023-10-17, Version 21.0.0 (Current), @RafaelGSS and @targos We're excited to announce the release of Node.js 21! Highlights include updates of the V8 JavaScript engine to 11.8, stable fetch and WebStreams, a new experimental flag to change the interpretation of ambiguous code from CommonJS to ES modules (--experimental-default-type), many updates to our test runner, and more! Node.js 21 will repl
Today we’re excited to announce our Release Candidate (RC) of TypeScript 4.8. Between now and the stable release of TypeScript 4.8, we expect no further changes apart from critical bug fixes. To get started using the RC, you can get it through NuGet, or use npm with the following command: npm install -D typescript@rc You can also get editor support by Downloading for Visual Studio 2022/2019 Follow
Biome v2.4—Embedded Snippets, HTML Accessibility, and Better Framework Support
Biome v2.4 is the first minor release of the year! After more than ten patches from v2.3, today we bring to you a new version that contains many new features! Once you have upgraded to Biome v2.4.0, migrate your Biome configuration to the new version by running the migrate command: biome migrate --write Highlights Among all the features shipped in this release, here are the ones we think you’re go
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
【2020年】CTF Web問題の攻撃手法まとめ - こんとろーるしーこんとろーるぶい
How I built a modern website in 2021
プロと読み解く Ruby 3.1 NEWS - クックパッド開発者ブログ
プロと読み解く Ruby 3.2 NEWS - クックパッド開発者ブログ
The Prompt Engineering Playbook for Programmers
Announcing TypeScript 6.0 - TypeScript
JavaScript Best Practices | The WebStorm Blog
(わりと)任意の Mac Application に GraphQL でアクセスできるようにした
Announcing TypeScript 5.1 - TypeScript
Announcing TypeScript 4.8 - TypeScript
Announcing TypeScript 6.0 Beta - TypeScript
Announcing TypeScript 5.7 - TypeScript
jQuery 4.0.0 | Official jQuery Blog
A new experimental Go API for JSON - The Go Programming Language
Neko - A brief history and porting to Javascript
Mastodon: Ruby on Rails Open Source Web App
Announcing TypeScript 5.5 - TypeScript
Announcing Vue 3.4 | The Vue Point
Announcing TypeScript 6.0 RC - TypeScript
Announcing TypeScript 5.7 Beta - TypeScript
Data Fetching Patterns in Single-Page Applications
Announcing TypeScript 5.1 Beta - TypeScript
State of Node.js Performance 2023
How we made JSON.stringify more than twice as fast · V8
Announcing TypeScript 5.5 Beta - TypeScript
My thoughts on writing a Minecraft server from scratch (in Bash)
Announcing TypeScript 5.5 RC - TypeScript
Node.js — Node.js 21.0.0 (Current)
Announcing TypeScript 4.8 RC - TypeScript