XML processing modules may be not secure against maliciously constructed data. An attacker could abuse XML features to carry out denial of service attacks, access logical files, generate network connections to other machines, or circumvent firewalls.
The penetration tester running XML tests against application will have to determine which XML parser is in use, and then to what kinds of below listed attacks that parser will be vulnerable.
| # in order to find how many colors are available, I reverse-engineered Pantone's color finder: https://www.pantone.com/color-finder | |
| curl 'https://4n6dg5ccsfct3lzfssu34boemq.appsync-api.us-east-1.amazonaws.com/graphql' -H 'Accept: application/json, text/plain, */*' -H 'Referer: https://www.pantone.com/color-finder' -H 'Origin: https://www.pantone.com' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36' -H 'x-api-key: da2-sa3lsp2tkzhj3c2ysxbdprl73e' -H 'Content-Type: application/json;charset=UTF-8' --data-binary '{"query":"\n {\n getColors {\n count\n totalCount\n maxResults\n colors {\n code\n name\n rgb {r g b}\n book {\n id\n title\n group\n sortIndex\n url\n info {\n en { target description }\n |
| 1. Install bootstrap as a dev dependency, and its dependencies (node-sass and sass-loader) | |
| `npm install --save-dev bootstrap@4.0.0-beta.2 node-sass sass-loader` | |
| 2. Install nuxt plugin of bootstrap vue (includes bootstrap-vue as a dependency) | |
| `npm install @nuxtjs/bootstrap-vue` | |
| 3. Register plugin as module in nuxt.config.js (see below) | |
| 4. Create app.scss entry point (see below) |
While attempting to explain JavaScript's reduce method on arrays, conceptually, I came up with the following - hopefully it's helpful; happy to tweak it if anyone has suggestions.
JavaScript Arrays have lots of built in methods on their prototype. Some of them mutate - ie, they change the underlying array in-place. Luckily, most of them do not - they instead return an entirely distinct array. Since arrays are conceptually a contiguous list of items, it helps code clarity and maintainability a lot to be able to operate on them in a "functional" way. (I'll also insist on referring to an array as a "list" - although in some languages, List is a native data type, in JS and this post, I'm referring to the concept. Everywhere I use the word "list" you can assume I'm talking about a JS Array) This means, to perform a single operation on the list as a whole ("atomically"), and to return a new list - thus making it much simpler to think about both the old list and the new one, what they contain, and
