Skip to content

Instantly share code, notes, and snippets.

Mike Samuel mikesamuel

Block or report user

Report or block mikesamuel

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@mikesamuel
mikesamuel / test.js
Last active Apr 3, 2019
Informal tests for augmented HostEnsureCanCompileStrings
View test.js
// Run in the context of a HostEnsureCanCompileStrings callout that
// throws an EvalError (from the callee realm) for string values, and
// arrays.
const PASS = {}, FAIL = {};
function tryCompileAsFunctionBody(description, source, expectedStatus) {
let status = FAIL;
try {
new Function(source);
@mikesamuel
mikesamuel / unundoable.js
Created Mar 14, 2019
Things you can't undo
View unundoable.js
// On the server
response.write(x);
// On the client
document.body.innerHTML = x;
@mikesamuel
mikesamuel / weird0.html
Created Feb 24, 2019
Yet another example of why HTML is weird.
View weird0.html
<script>/*&#42;/alert('svg');//*/alert('html');
//<![CDATA[</script><!--]]>--></script>
<svg>
<script>/*&#42;/alert('svg');//*/alert('html');
//<![CDATA[</script><!--]]>--></script>
</svg>
@mikesamuel
mikesamuel / type-checking-code-loaders.js
Last active Jan 20, 2019
Checking arguments to Function/eval
View type-checking-code-loaders.js
class TrustedScript { // Just a stub of github.com/wicg/trusted-types
constructor(x) {
this.content = String(x);
}
toString() {
return this.content;
}
static createUnsafely(x) {
@mikesamuel
mikesamuel / monkey-with-JSON.js
Last active Aug 6, 2018
Monkeypatching JSON to distinguish parsed objects from user-code created objects
View monkey-with-JSON.js
/**
* A symbol that should only be added to objects whose
* properties come from an external string, or which include
* uncherry-picked properties from such an object.
*/
const PARSER_OUTPUT_SYMBOL = Symbol('parserOutput');
function markingReviver(_, value) {
"use strict";
if (value && typeof value === 'object') {
// HACK: This might fail if optReviver freezes values.
@mikesamuel
mikesamuel / node.diff
Created Jul 27, 2018
Node CJS module resolver hooks
View node.diff
diff --git a/lib/internal/modules/cjs/loader.js b/lib/internal/modules/cjs/loader.js
index 33d8907e4f..6df7c32efd 100644
--- a/lib/internal/modules/cjs/loader.js
+++ b/lib/internal/modules/cjs/loader.js
@@ -46,6 +46,9 @@ const preserveSymlinks = !!process.binding('config').preserveSymlinks;
const preserveSymlinksMain = !!process.binding('config').preserveSymlinksMain;
const experimentalModules = !!process.binding('config').experimentalModules;
+const { defineProperties, hasOwnProperty } = Object;
+const { apply } = Reflect;
@mikesamuel
mikesamuel / corner-cases.md
Last active Jun 21, 2018
GH Markdown auto-identifier corner cases
View corner-cases.md

Ambiguous

Ambiguous

Ambiguous

NFC Å - Å

NFKC Äffin - Äffin

@mikesamuel
mikesamuel / no-proto-json-parse.js
Created Jun 5, 2018
JSON.parse that filters out __proto__
View no-proto-json-parse.js
JSON.parse = (() => {
const undef = void 0;
const jsonParse = JSON.parse;
function noProtoReviver (key, value) {
if (key === '__proto__') {
console.warn('Removed __proto__ from parsed JSON');
return undef; // Remove property entirely
}
return value;
}
@mikesamuel
mikesamuel / hashable-json.js
Last active Feb 21, 2019
A canonicalizing function to make it easy to hash JSON
View hashable-json.js
"use strict";
// Prompted by https://esdiscuss.org/topic/json-canonicalize
// Given a string of JSON produces a string of JSON without unnecessary
// degrees of freedom like whitespace, optional escape sequences, and
// unnecessary variance in number representation.
function hashable(json) {
const strs = [] // Side table to collect string bodies
return reorderProperties(
You can’t perform that action at this time.