Michał Gołębiowski-Owczarek mgol

Multiple vulnerabilities in jQuery Mobile

Summary

All current versions of jQuery Mobile (JQM) as of 2019-05-04 are vulnerable to DOM-based Cross-Site Scripting (XSS) via crafted URLs. In JQM versions up to and including 1.2.1, the only requirement is that the library is included in a web application. In versions > 1.2.1, the web application must also contain a server-side API that reflects back user input as part of an HTTP response of any type. Practically all non-trivial web applications contain at least one such API.

Additionally, all current versions of JQM contain a broken implementation of a URL parser, which can lead to security issues in affected applications.

Tree-shakeable Tokens Docs

Status quo and issues with it

Injector structure

Currently, to provide services in Angular, you include them in an @NgModule:

@Injectable()
@samthor
samthor / safari-nomodule.js
Last active February 14, 2024 02:54
Safari 10.1 `nomodule` support
// UPDATE: In 2023, you should probably stop using this! The narrow version of Safari that
// does not support `nomodule` is probably not being used anywhere. The code below is left
// for posterity.
/**
* Safari 10.1 supports modules, but does not support the `nomodule` attribute - it will
* load <script nomodule> anyway. This snippet solves this problem, but only for script
* tags that load external code, e.g.: <script nomodule src="nomodule.js"></script>
*
* Again: this will **not** prevent inline script, e.g.:
#!/usr/bin/node
const N = 1000000;
// 130 ms
(function() {
console.time('+=');
let a = '';
for (let i = 0; i < N; i++) {
a += 'x';
@ericclemmons
ericclemmons / example.md
Last active February 22, 2024 16:18
HTML5 <details> in GitHub

Using <details> in GitHub

Suppose you're opening an issue and there's a lot of noisy logs that may be useful.

Rather than wrecking readability, wrap it in a <details> tag!

<details>
 Summary Goes Here
@avdg
avdg / results.md
Last active May 24, 2016 22:46
Test262 es 6 results for UglifyJS harmony branch
  • Uglify checkout f63803e3e3753253721a4d7abbbe2ff46f11eecc (harmony)
  • Test262 checkout 28e707e367d438e52edb245067956df28d08ed25 (master)

process.versions:

{ http_parser: '2.7.0',
  node: '6.2.0',
  v8: '5.0.71.47',
 uv: '1.9.1',
import template from './my-dummy.html';
import './my-dummy.scss';
const deps = new WeakMap();
class MyDummyController {
constructor($timeout, $q) {
'ngInject';
deps.set(this, {$timeout, $q});
}
@mgol
mgol / ie11-only.md
Last active May 11, 2023 15:50
How to easily not serve JS and/or CSS to IE<11

Here's how to make your site not load CSS and/or JS in IE older than 11:

<!DOCTYPE html>
<html>
    <head>
        <meta charset="utf-8">
        <meta http-equiv="X-UA-Compatible" content="IE=8,9,11">
        <title>Page title</title>
        <!--[if !IE]>-->
 
// The diff between the following two definitions has one line: `+c: 3,`:
var o1 = {
a: 1,
b: 2,
};
var o1 = {
a: 1,
b: 2,
c: 3,
};
@btford
btford / chillax.md
Created October 30, 2014 06:59
Why you shouldn't worry so much about migrating with Angular

Several developers asked me about how difficult it will be to migrate Angular 1 to Angular 2. Angular 2 isn't done, so I legitimately have no idea how hard it will be. But there are a few high-level guiding principles in the design of Angular 1 that make adapting to changes like this fairly painless.

Angular 1 was designed so it would have a fairly minimal API surface. Let's look at controllers, since these are the meat of your app. Controllers are just functions that get passed other components as arguments:

MyController ($scope) {
  $scope.list = [];
  
  $scope.addItem = function (name) {
    $scope.list.push({