Skip to content

Instantly share code, notes, and snippets.


Michał Gołębiowski-Owczarek mgol

View GitHub Profile

Multiple vulnerabilities in jQuery Mobile


All current versions of jQuery Mobile (JQM) as of 2019-05-04 are vulnerable to DOM-based Cross-Site Scripting (XSS) via crafted URLs. In JQM versions up to and including 1.2.1, the only requirement is that the library is included in a web application. In versions > 1.2.1, the web application must also contain a server-side API that reflects back user input as part of an HTTP response of any type. Practically all non-trivial web applications contain at least one such API.

Additionally, all current versions of JQM contain a broken implementation of a URL parser, which can lead to security issues in affected applications.

View TreeShakeableTokens

Tree-shakeable Tokens Docs

Status quo and issues with it

Injector structure

Currently, to provide services in Angular, you include them in an @NgModule:

samthor / safari-nomodule.js
Last active May 8, 2021
Safari 10.1 `nomodule` support
View safari-nomodule.js
* Copyright 2017 Google LLC
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* Unless required by applicable law or agreed to in writing, software
View benchmark.js
const N = 1000000;
// 130 ms
(function() {
let a = '';
for (let i = 0; i < N; i++) {
a += 'x';
ericclemmons /
Last active May 7, 2021
HTML5 <details> in GitHub

Using <details> in GitHub

Suppose you're opening an issue and there's a lot noisey logs that may be useful.

Rather than wrecking readability, wrap it in a <details> tag!

 <summary>Summary Goes Here</summary>
avdg /
Last active May 24, 2016
Test262 es 6 results for UglifyJS harmony branch
  • Uglify checkout f63803e3e3753253721a4d7abbbe2ff46f11eecc (harmony)
  • Test262 checkout 28e707e367d438e52edb245067956df28d08ed25 (master)


{ http_parser: '2.7.0',
  node: '6.2.0',
  v8: '',
  uv: '1.9.1',
View WeakMaps as bags for dependencies in Angular 1
import template from './my-dummy.html';
import './my-dummy.scss';
const deps = new WeakMap();
class MyDummyController {
constructor($timeout, $q) {
deps.set(this, {$timeout, $q});
mgol /
Last active Mar 8, 2021
How to easily not serve JS and/or CSS to IE<11

Here's how to make your site not load CSS and/or JS in IE older than 11:

<!DOCTYPE html>
        <meta charset="utf-8">
        <meta http-equiv="X-UA-Compatible" content="IE=8,9,11">
        <title>Page title</title>
        <!--[if !IE]>-->
        <link rel="stylesheet" href="styles.css">
View trailing-comma.js
// The diff between the following two definitions has one line: `+c: 3,`:
var o1 = {
a: 1,
b: 2,
var o1 = {
a: 1,
b: 2,
c: 3,
btford /
Created Oct 30, 2014
Why you shouldn't worry so much about migrating with Angular

Several developers asked me about how difficult it will be to migrate Angular 1 to Angular 2. Angular 2 isn't done, so I legitimately have no idea how hard it will be. But there are a few high-level guiding principals in the design of Angular 1 that make adapting to changes like this fairly painless.

Angular 1 was designed so it would have a fairly minimal API surface. Let's look at controllers, since these are the meat of your app. Controllers are just functions that get passed other components as arguments:

MyController ($scope) {
  $scope.list = [];
  $scope.addItem = function (name) {