Collaborate Disseminate
I am currently working on an open source project to securely store notes, payment card numbers, etc. I would like to implement a zero knowledge encryption method so that no one but the user can decrypt this data.
Unfortunately, I am stuck … Continue reading Securely storing derived key in web app and handling user identity
Keep an eye on Dart and TypeScript in 2024, TIOBE Software CEO Paul Jansen suggests. Continue reading TIOBE Index News (January 2024): Programming Language of 2023 Goes to C#
[Oskitone]’s Hardware Hustle is a printable roll-and-write tabletop game that can be played on a single sheet of paper. It simulates attempting to run a small hardware business sustainably. Buy …read more Continue reading Simulate Running a Small Hardware Business with Hardware Hustle
I got an obviously hacked email, and accidently opened the .htm attachment on my phone (OnePlus 8t)
This was using the outlook phone app.
I have changed all of my passwords and reset my phone, is there anything else I should do to be secur… Continue reading Accidently Opened a .htm email on android [duplicate]
Say there is a web page with two 3rd party javascript URL scripts embedded in it. One creates a support chat window and the other creates an iFrame within which a user enters payment information into a form.
If the support chat script was … Continue reading Can an embedded 3rd party JS script access or keystroke log an iFrame’s content
With standard XSSI, an attacker can include a remote script which contains user-bound secrets across origins, and then read them out.
I have an endpoint which returns sensitive Javascript code, but the request to fetch it is POST-based (th… Continue reading Is POST-based XSSI possible?
The survey reveals that React’s usage share of 58% is testament to its continued dominance. Continue reading JetBrains State of Developer Ecosystem 2023: React Reigns in JavaScript Realm
I would like to initialise a React application with an OIDC token.
This token will be stored in a private field of the "api client" object. This object will be used to execute API calls and it will automatically add the OIDC toke… Continue reading Is it safe to store the OIDC token in a private field of a javascript object?
I’m trying to quickly audit a js browser extension to see if it doesn’t talk to the outside. Am I right in thinking that I can just grep the code for the following:
XMLHttpRequest
fetch
$.ajax
axios.get
WebSocket
I’m assuming un-obfuscat… Continue reading Methods to look for when checking if a javascript program is making network requests
This tutorial provides a comprehensive guide to JavaScript Map and Set, explaining their differences, use cases, and how to effectively utilize them. Continue reading JavaScript Map and Set Tutorial