Skip to content

Instantly share code, notes, and snippets.

💭
just setting up my twttr

Ryan Grove rgrove

💭
just setting up my twttr
Block or report user

Report or block rgrove

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@rgrove
rgrove / parseJson.js
Created Feb 10, 2019
ECMA-404 compliant JSON parser in pure JS
View parseJson.js
/**
This is an ECMA-404 compliant JSON parser written in pure JS, with nice error
reporting. It's not super useful since it's ridiculously slow compared to
`JSON.parse()`, but I had fun writing it.
ISC License
Copyright (c) 2019 Ryan Grove <ryan@wonko.com>
Permission to use, copy, modify, and/or distribute this software for any purpose
@rgrove
rgrove / body-parser-prototype-poisoning-fix.js
Last active Feb 8, 2019
How to protect against prototype poisoning when using the Express body-parser library
View body-parser-prototype-poisoning-fix.js
/*
The Express body-parser library, which you may be using to parse incoming JSON
request bodies, doesn't currently protect against prototype poisoning via the
`__proto__` key.
The dangers of prototype poisoning are described in detail here:
https://hueniverse.com/a-tale-of-prototype-poisoning-2610fa170061
Until body-parser provides its own fix, you can protect yourself by adding a
reviver function that throws an error if it sees any key named "__proto__". This
@rgrove
rgrove / test.js
Created Oct 25, 2018
Node 10 memory leak with domains & Express
View test.js
'use strict';
const domain = require('domain');
const app = require('express')();
app.use((req, res, next) => {
let requestDomain = domain.create();
requestDomain.add(req);
requestDomain.on('error', next);
@rgrove
rgrove / nytimes.txt
Created Aug 23, 2018
Custom uBlock Origin filter to block the huge obtrusive ads in The New York Times's new design
View nytimes.txt
# This is a uBlock Origin filter list that blocks the huge obtrusive ads in
# The New York Times's new design.
#
# You can paste these rules into uBlock Origin's "My Filters" tab or import them
# as described here:
#
# https://github.com/gorhill/uBlock/wiki/Filter-lists-from-around-the-web
www.nytimes.com###app div:if(> div:only-child > div:only-child > div.ad)
@rgrove
rgrove / snippets.cson
Created Jan 31, 2017
Atom snippets for writing Mocha tests
View snippets.cson
# Your snippets
#
# Atom snippets allow you to enter a simple prefix in the editor and hit tab to
# expand the prefix into a larger code block with templated values.
#
# You can create a new snippet in this file by typing "snip" and then hitting
# tab.
#
# An example CoffeeScript snippet to expand log to console.log:
#
@rgrove
rgrove / README.md
Created Feb 8, 2016
Cake's approach to React Router server rendering w/code splitting and Redux
View README.md

Can't share the complete code because the app's closed source and still in stealth mode, but here's how I'm using React Router and Redux in a large app with server rendering and code splitting on routes.

Server

  1. Wildcard Express route configures a Redux store for each request and makes an addReducers() callback available to the getComponents() method of each React Router route. Each route is responsible for adding any Redux reducers it needs when it's loaded. (This isn't really necessary on the
@rgrove
rgrove / broken.js
Last active Aug 29, 2015
Chrome 43+ JS character encoding + parsing bug
View broken.js
This file has been truncated, but you can view the full file.
@rgrove
rgrove / gist:044cc7e9a5b44f583c05
Created Apr 20, 2015
New CSS properties added to the relaxed config in Sanitize 4.0.0
View gist:044cc7e9a5b44f583c05
  • alignment-adjust
  • alignment-baseline
  • all
  • anchor-point
  • azimuth
  • baseline-shift
  • binding
  • bleed
  • bookmark-label
  • bookmark-level
@rgrove
rgrove / hosts
Created Dec 1, 2014
/etc/hosts entries for RawGit
View hosts
# Temporary /etc/hosts entries for RawGit.
104.131.111.202 rawgit.com
198.232.124.74 cdn.rawgit.com
View router.js
"use strict";
var _ = SM.import('lodash');
var DOM = SM.import('sm-dom');
var Uri = SM.import('sm-uri');
// WebKit (as of version 538.35.8) fires a useless popstate event after every
// page load, even when the page wasn't popped off the HTML5 history stack. We
// only want to handle popstate events that result from a page actually being
// popped off the HTML5 history stack, so we need a way to differentiate between
You can’t perform that action at this time.