
Michał Gołębiowski-Owczarek mgol

View jqm-xss.md

Multiple vulnerabilities in jQuery Mobile

Summary

All current versions of jQuery Mobile (JQM) as of 2019-05-04 are vulnerable to DOM-based Cross-Site Scripting (XSS) via crafted URLs. In JQM versions up to and including 1.2.1, the only requirement is that the library is included in a web application. In versions > 1.2.1, the web application must also contain a server-side API that reflects back user input as part of an HTTP response of any type. Practically all non-trivial web applications contain at least one such API.

Additionally, all current versions of JQM contain a broken implementation of a URL parser, which can lead to security issues in affected applications.

View TreeShakeableTokens Docs.md

Tree-shakeable Tokens Docs

Status quo and issues with it

Injector structure

Currently, to provide services in Angular, you include them in an @NgModule:

@Injectable()
@samthor
samthor / safari-nomodule.js
Last active Aug 7, 2020
Safari 10.1 `nomodule` support
View safari-nomodule.js
/**
* Safari 10.1 supports modules, but does not support the `nomodule` attribute - it will
* load <script nomodule> anyway. This snippet solves this problem, but only for script
* tags that load external code, e.g.: <script nomodule src="nomodule.js"></script>
*
* Again: this will **not** prevent inline script, e.g.:
* <script nomodule>alert('no modules');</script>.
*
* This workaround is possible because Safari supports the non-standard 'beforeload' event.
* This allows us to trap the module and nomodule load.
View benchmark.js
#!/usr/bin/node
const N = 1000000;
// 130 ms
(function() {
console.time('+=');
let a = '';
for (let i = 0; i < N; i++) {
a += 'x';
@ericclemmons
ericclemmons / example.md
Last active Aug 3, 2020
HTML5 <details> in GitHub
View example.md

Using <details> in GitHub

Suppose you're opening an issue and there's a lot of noisy logs that may be useful.

Rather than wrecking readability, wrap it in a <details> tag!

<details>
 <summary>Summary Goes Here</summary>
@avdg
avdg / results.md
Last active May 24, 2016
Test262 es 6 results for UglifyJS harmony branch
View results.md
  • Uglify checkout f63803e3e3753253721a4d7abbbe2ff46f11eecc (harmony)
  • Test262 checkout 28e707e367d438e52edb245067956df28d08ed25 (master)

process.versions:

{ http_parser: '2.7.0',
  node: '6.2.0',
  v8: '5.0.71.47',
  uv: '1.9.1',
View WeakMaps as bags for dependencies in Angular 1
import template from './my-dummy.html';
import './my-dummy.scss';
const deps = new WeakMap();
class MyDummyController {
constructor($timeout, $q) {
'ngInject';
deps.set(this, {$timeout, $q});
}
@mgol
mgol / ie11-only.md
Last active Jul 27, 2020
How to easily not serve JS and/or CSS to IE<11
View ie11-only.md

Here's how to make your site not load CSS and/or JS in IE older than 11:

<!DOCTYPE html>
<html>
    <head>
        <meta charset="utf-8">
        <meta http-equiv="X-UA-Compatible" content="IE=8,9,11">
        <title>Page title</title>
        <!--[if !IE]>-->
        <link rel="stylesheet" href="styles.css">
View trailing-comma.js
// The diff between the following two definitions has one line: `+c: 3,`:
var o1 = {
a: 1,
b: 2,
};
var o1 = {
a: 1,
b: 2,
c: 3,
};
@btford
btford / chillax.md
Created Oct 30, 2014
Why you shouldn't worry so much about migrating with Angular
View chillax.md

Several developers asked me about how difficult it will be to migrate Angular 1 to Angular 2. Angular 2 isn't done, so I legitimately have no idea how hard it will be. But there are a few high-level guiding principles in the design of Angular 1 that make adapting to changes like this fairly painless.

Angular 1 was designed so it would have a fairly minimal API surface. Let's look at controllers, since these are the meat of your app. Controllers are just functions that get passed other components as arguments:

MyController ($scope) {
  $scope.list = [];
  
  $scope.addItem = function (name) {
    $scope.list.push({