SEARCH KEYWORD -- JSON LIB
Some hidden XSS injection vulnerabilities
XSS injection refers to a Web page generates some unexpected executable js codes based on user input and these executable codes are executed by web browser,i.e, the source code sent to web browser by the server contains some illegal js codes, and these illegal js codes are related to user's input. Common XSS injection vulnerabilities can be fixed with some functions such as htmlspecialchars(escaping HTML special characters) and strip_tags() or similar, but there are some hidden XSS injecti...
XSS,PHP,Security,Code,JavaScript 2012-08-27 20:32:08
Top 10 Go Coding Traps and Tips
Go is currently the most common programming language in cloud development. Though I use it very much in my work, I am still repeating certain mistakes. This article is more a record of these errors, figuring out the causes and solutions so that people who read this article will save themselves time when coming across the same problems. Let’s cut through to the tips. Don’t rely on index var in the for loop The most common mistake we make is that we often create goroutine&nbs...
TIPS,GOLANG,NIL INTERFACE 2021-07-03 23:45:51
Different types of keystore in Java -- DKS
Domain KeyStore(DKS) is a keystore of keystore. It abstracts a collection of keystores that are presented as a single logical keystore. Itself is actually not a keystore. This new keystore type is introduced in Java 8. There is a new class DomainLoadStoreParameter which closely relates to DKS. To load different keystores into the single logical keystore, some configuration is needed. Here is the format of the configuration for grouping different keystores. domain [ ...] { keystore [ ....
How to be jQuery-free?
jQuery is now the most famous JavaScript library. There are around 57.3% websites in the world using jQuery, i.e, 6 out of 10 websites are using jQuery. If we only consider those websites which use libraries, then the percentage is even higher which is 91.7%. Although jQuery is very popular, its size is still a headache to many websites maintainers. The uncompressed jQuery 2.0 has a size of 235KB, the size is 81KB after optimization.The jQuery 1.8.3 which supports IE 6/7/8 has a uncompressed si...
jQuery,JavaScript,ECMAScript,CSS3 2013-05-13 11:53:20
Chrome’s WebRTC roadmap
Last January, Chrome was the first major browser to preview WebRTC, HTML5's new real time audio and video stack. Since then, we've been hard at work keeping up with the evolving specification, fixing bugs and listening to the web community’s feedback. The main parts of the WebRTC specification are now stable and are coming soon to all 200M+ Chrome users. With this blog post, we want to help developers plan for what will be introduced in this first stable release later this year. ...
WebRTC,Google,Open source,Roadmap 2012-04-12 10:27:51
Sending message to Slack Incoming Webhook using PHP
Slack is a popular work collaboration tool and it provides many features which help teams collaborate. It has one function which allows sending messages to channels from external source such as your own web service -- Incoming Webhook. This is extremely useful when want to monitor something and get notified when some event occurs and it doesn't require complicated setup. To send messages using Incoming Webhook, a service URL has to be generated on Slack and then the message can be posted to this...
PHP,CURL,SLACK,INCOMING WEBHOOK 2017-03-11 21:32:28
Different types of keystore in Java -- PKCS11
PKCS11 keystore is designed for hardware storage modules(HSM). It's an interface to talk to the HSMs. It doesn't actually store any keys but provide a set of classes to communicate with the underlying HSM. The actual keys and certificates are stored on the HSMs. The reason for storing the keys and materials is to ensure security and efficiency. Since the keys are on the HSMs, they are safe to be stolen. All encryption/decryption operations are performed on the HSMs as well, this incre...
Fastjson just fixed a bug which might cause out of memory issue
Fastjson just fixed a bug which might cause service down a few days ago. This bug is caused by some mishandling of special character \x which is an escaped character to indicate hexdecimal number. The impact of this bug would be big if the attacker constructs a malicious data which would cause the service down. The code which causes the issue is in com.alibaba.fastjson.parser.JSONLexerBase#scanString, when a JSON string is passed in, fastjson would parse the string character by c...
Access control in Java -- Permission check order
Previously we showed you how to turn on SecurityManager in Java. After SecurityManager is turned on, a series of permission checks will be applied on the code you are calling in your application to protect some resources against malicious access such as files, sockets etc. To perform these permission checks, a set of Permissions will be created and checked using the AccessController. The AccessController has three purposes : To decide whether an access to a critical system resource is to be all...
JAVA,SECURITY,ACCESSCONTROLLER 2016-03-07 04:17:40
Ruby net-scp cannot scp multiple files with asterisk(*)
net-ssh/net-scp is a Ruby gem which can be used to scp files between different *nix machines. It's similar to how the *nix scp command. It can be used to scp a file or a directory. However, it seems it has some problem to scp multiple files using pattern *. For example, below script is supposed to download all files from remote directory to local directory: require 'net/scp' host = 'testmachine' login = 'testaccount' password = "testpassword" remote_path = '/tmp/remote...
NET-SCP,RUBY,ASTERISK,MULTIPLE FILES 2016-10-20 03:00:13
RECENT
- Streamlining the Project Invoicing Process: Tools and Strategies
- Performance comparison of string concatenation in Go language
- Why init() is not recommended in Go
- The Role of Coding Skills in Advancing Tech Careers
- Tips for Socializing With Friends During College
- Proximity Cards Do More Than Just Open Doors
- How to choose quality painted auto parts
- Oval engagement rings from MoonOcean: Elegance of form and individual approach
- Hologres vs AWS Redshift
- GoLand connect to Hologres
- more>>