title: Exploring the DOMPurify library: Bypasses and Fixes date: Nov 17, 2024 tags: Article Web mXSS Exploring the DOMPurify library: Bypasses and Fixes (1/2) 📜 Introduction 🔍 How does client-side HTML sanitizer works? ❓ Why are mutation XSS (mXSS) possible? ▶️ DOMPurify 3.1.0 bypass (found by @IceFont 👑) Node flattening HTML Parsing states Proof Of Concept ⏩ DOMPurify 3.1.1 bypass DOMPurify 3.
Patterns for Memory Efficient DOM Manipulation with Modern Vanilla JavaScript July 29, 2024 I’ll discuss best practices to avoid excess memory usage when managing updating the DOM to make your apps blazingly fast™️. DOM: Document Object Model – A Brief Overview When you render HTML, the live view of those rendered elements in the browser is called the DOM. This is what you’ll see in your developer
Attributes and properties are fundamentally different things. You can have an attribute and property of the same name set to different values. For example: <div foo="bar">…</div> <script> const div = document.querySelector('div[foo=bar]'); console.log(div.getAttribute('foo')); // 'bar' console.log(div.foo); // undefined div.foo = 'hello world'; console.log(div.getAttribute('foo')); // 'bar' consol
I’m building a toy HTML rendering engine, and I think you should too. This is the first in a series of articles: Part 1: Getting started Part 2: HTML Part 3: CSS Part 4: Style Part 5: Boxes Part 6: Block layout Part 7: Painting 101 The full series will describe the code I’ve written, and show how you can make your own. But first, let me explain why. You’re building a what? Let’s talk terminology.
Intro ResizeObserver is in the process of shipping. This article explains the specification, along with ElementQuery / ContainerQuery. Resize Observer 1 ResizeObserver ResizeObserver is one of the growing Observer family of APIs, an interface for detecting when an element is resized. Calling observe() on the target element whose resizes you want to detect gives you the target and its rectangle information. const resizeObserver = new ResizeObserver((entries) => { entries.forEach(({target, contentRect}) => { console.log(target) const {x, y, width, height, top
Lightweight module for morphing an existing DOM node tree to match a target DOM node tree. It's fast and works with the real DOM—no virtual DOM needed! This module was created to solve the problem of updating the DOM in response to a UI component or page being rerendered. One way to update the DOM is to simply toss away the existing DOM tree and replace it with a new DOM tree (e.g., myContainer.in