Skip to content

Instantly share code, notes, and snippets.

View mgol's full-sized avatar

Michał Gołębiowski-Owczarek mgol

View GitHub Profile
@duskwuff
duskwuff / dictionary.bin
Last active November 25, 2024 17:59
Contents of the Brotli dictionary (JSON encoded)
"time"
"down"
"life"
"left"
"back"
"code"
"data"
"show"
"only"
"site"

Multiple vulnerabilities in jQuery Mobile

Summary

All current versions of jQuery Mobile (JQM) as of 2019-05-04 are vulnerable to DOM-based Cross-Site Scripting (XSS) via crafted URLs. In JQM versions up to and including 1.2.1, the only requirement is that the library is included in a web application. In versions > 1.2.1, the web application must also contain a server-side API that reflects back user input as part of an HTTP response of any type. Practically all non-trivial web applications contain at least one such API.

Additionally, all current versions of JQM contain a broken implementation of a URL parser, which can lead to security issues in affected applications.

Tree-shakeable Tokens Docs

Status quo and issues with it

Injector structure

Currently, to provide services in Angular, you include them in an @NgModule:

@Injectable()
@samthor
samthor / safari-nomodule.js
Last active February 14, 2024 02:54
Safari 10.1 `nomodule` support
// UPDATE: In 2023, you should probably stop using this! The narrow version of Safari that
// does not support `nomodule` is probably not being used anywhere. The code below is left
// for posterity.
/**
* Safari 10.1 supports modules, but does not support the `nomodule` attribute - it will
* load <script nomodule> anyway. This snippet solve this problem, but only for script
* tags that load external code, e.g.: <script nomodule src="nomodule.js"></script>
*
* Again: this will **not** prevent inline script, e.g.:
#!/usr/bin/node
const N = 1000000;
// 130 ms
(function() {
console.time('+=');
let a = '';
for (let i = 0; i < N; i++) {
a += 'x';
@ericclemmons
ericclemmons / example.md
Last active September 20, 2024 12:46
HTML5 <details> in GitHub

Using <details> in GitHub

Suppose you're opening an issue and there's a lot noisey logs that may be useful.

Rather than wrecking readability, wrap it in a <details> tag!

<details>
 Summary Goes Here
@avdg
avdg / results.md
Last active May 24, 2016 22:46
Test262 es 6 results for UglifyJS harmony branch
  • Uglify checkout f63803e3e3753253721a4d7abbbe2ff46f11eecc (harmony)
  • Test262 checkout 28e707e367d438e52edb245067956df28d08ed25 (master)

process.versions:

{ http_parser: '2.7.0',
  node: '6.2.0',
  v8: '5.0.71.47',
 uv: '1.9.1',
import template from './my-dummy.html';
import './my-dummy.scss';
const deps = new WeakMap();
class MyDummyController {
constructor($timeout, $q) {
'ngInject';
deps.set(this, {$timeout, $q});
}
@mgol
mgol / ie11-only.md
Last active May 11, 2023 15:50
How to easily not serve JS and/or CSS to IE<11

Here's how to make your site not load CSS and/or JS in IE older than 11:

<!DOCTYPE html>
<html>
    <head>
        <meta charset="utf-8">
        <meta http-equiv="X-UA-Compatible" content="IE=8,9,11">
        <title>Page title</title>
        <!--[if !IE]>-->
 
// The diff between the following two definitions has one line: `+c: 3,`:
var o1 = {
a: 1,
b: 2,
};
var o1 = {
a: 1,
b: 2,
c: 3,
};