Content-Disposition の filename という地雷。 (1個の観点で17個の脆弱性を見つけた話) - ぶるーたるごぶりん
English ver: https://gist.github.com/motoyasu-saburi/1b19ef18e96776fe90ba1b9f910fa714#file-lack_escape_content-disposition_filename-md TL;DR 1つのブラウザ、1つのプログラミング言語、15個の { Web Framework, HTTP Client ライブラリ, Email ライブラリ / Web Service 等} で脆弱性を見つけました。 見つけた脆弱性は、全て 1つの観点で発見した (多分 50-80 くらいのプロダクトの調査をした)。 RFC の記載では、(かなりわかりにくく)この問題に対する要件が記載されており、WHATWG > HTML Spec の方はしっかりと書かれているといった状況にある。 この問題は、 Content-Dispo
What’s in which Python
Created 17 May 2022, last updated 16 August 2025 This is a summary of what features appeared in which versions of Python. Items with a star were introduced with a __future__ import. The Python release cycle is explained in PEP 602. Each release has its own PEP with specific dates, listed here. The Python Developer’s Guide has a page summarizing the release cycles of Python versions. 3.14: expected
Tier 4 Support § Support for these targets is entirely experimental. If this target is provided by LLVM, LLVM may have the target as an experimental target, which means that you need to use Zig-provided binaries for the target to be available, or build LLVM from source with special configure flags. zig targets will display the target if it is available. This target may be considered deprecated by
Getting Started with Python
Python is a powerful programming language that provides many packages that we can use. Using the versatile Python programming language, we can develop the following: AutomationDesktop applicationAndroidWebIoT home automationData Science and the list goes on.In this article, our primary focus will be knowing how to start learning Python and the essentials required to be a data scientist. Below is t
PowerShell: the object-oriented shell you didn’t know you needed
PowerShell is an interactive shell and scripting language from Microsoft. It’s object-oriented — and that’s not just a buzzword, that’s a big difference to how the standard Unix shells work. And it is actually usable as an interactive shell. Getting Started PowerShell is so nice, Microsoft made it twice. Specifically, there concurrently exist two products named PowerShell: Windows PowerShell (5.1)
Try Mastering Emacs for free! Are you struggling with the basics? Have you mastered movement and editing yet? When you have read Mastering Emacs you will understand Emacs. It’s that time again: there’s a new major version of Emacs and, with it, a treasure trove of new features and changes. Notable features include the formal inclusion of native compilation, a technique that will greatly speed up y
Plan 9 Desktop Guide
PLAN 9 DESKTOP GUIDE INDEX What is Plan 9? Limitations and Workarounds Connecting to Other Systems VNC RDP SSH 9P Other methods Porting Applications Emulating other Operating Systems Virtualizing other Operating Systems Basics Window Management Copy Pasting Essential Programs Manipulating Text in the Terminal Acme - The Do It All Application Multiple Workspaces Tiling Windows Plumbing System Admin
Here's a classic Python quine to demonstrate the self-reproducing behavior: s = 's = %r\nprint(s %% s)' print(s % s) s holds a string that is almost the whole program, including the placeholder %r, which formats via repr(). The print(s % s) uses Python's old C-style %-formatting. Important notes about the characters inside s: %r is a placeholder: it tells Python to insert the repr() of the argumen
Join a VS Code Dev Days event near you to learn about AI-assisted development in VS Code. Release date: September 11, 2025 Update 1.104.1: The update addresses these issues. Update 1.104.2: The update addresses these issues. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome to the August 2025 release of Visual Studio Code. There are many updates
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
0.8.0 Release Notes ⚡ The Zig Programming Language
What's New in Emacs 28.1?
That Time Ken Thompson Wrote a Backdoor into the C Compiler
August 2025 (version 1.104)