Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 6 years ago.
Improve this question
what security measures need to be taken when there's file access involved from client.
For instance they could use ../ to get access to root directory while we have path related functions involved.
What's the safest way to write path related code?
1) First check Poison Null bytes
if (filename.indexOf('\0') !== -1) {
return respond('That was evil.');
}
2) Whitelisting
if (!/^[a-z0-9]+$/.test(filename)) {
return respond('illegal character');
}
3) Preventing Directory Traversal
var rootDirectory = '/var/www/';
var path = require('path');
var filename = path.join(rootDirectory, userSuppliedFilename);
if (filename.indexOf(rootDirectory) !== 0) {
return respond('trying to sneak out of the web root?');
}
Reference:
Related
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed last month.
Improve this question
I have created this function to check the pathname of these 3 products, but I think it looks a bit repetitive, so I'm wondering if there's a way to make it more optimised
function checkPathName() {
return (
window.location.pathname !== '/groovybaby-/241315' &&
window.location.pathname !== '/cleopatra/241162' &&
window.location.pathname !== '/cumulus/528678'
)}
checkPathName();
I'm expecting this function to return false for those pathnames
A better option would be to have a Set of these paths and then check if the pathname is in the set:
const PATHS = new Set([
'/groovybaby-/241315',
'/cleopatra/241162',
'/cumulus/528678',
]);
function checkPathName() {
return !PATHS.has(window.location.pathname)
}
You actually don't even need a separate function for this.
you can create array of URLs and then check if it includes your current path.
function checkPathName() {
let urls = ['/groovybaby-/241315', '/cleopatra/241162', '/cumulus/528678' ];
if ( urls.includes(window.location.pathname) )
return false
}
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
After data is loaded from filesystem, which model worth to use to resize image and return to client?
fs.readFile(process.env.OPENSHIFT_DATA_DIR + request.headers['filename'], function read(err, data) {
var w = request.headers['w']
var h = request.headers['h']
response.writeHead(200)
// CODE TO RESIZE DATA
response.write(data)
response.end()
})
Use ImageMagick:
https://www.npmjs.com/package/imagemagick
Or other modules from npm:
https://www.npmjs.com/package/image-resizer
https://www.npmjs.com/package/resize-image
https://www.npmjs.com/package/easyimage
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
I want to console.log but then turn it off in production without deleting the logs statements.
What are other logging levels and how can i utilise them?
What benefits do logging libraries such as log4js offer?
Place this code in your webpage
if(window.location.hostname=="example.com"){
console.log = function(){
return;
}
}
What it will do is, if the domain name is example.com it will override the console.log functionality and it will print nothing in console.
This way it will also work in your local environment.
var myAPI={isLogged:false};
(function(api){
if(window.location.hostname=="dev.example.com"){
myAPI.isLogged=true;
}
api.log=function(msg,level){
if(!level){level='log'} //can be : warn, info, error, debug or log
if( myAPI.isLogged){
console[level](msg);
}
};
})(myAPI) ;
Then , use :
myAPI.log(new Date()+' This is security check ');
or
myAPI.log(new Date()+' Wrong password ','error');
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 7 years ago.
Improve this question
I made a game and its a type of game which takes hours to complete. Its a browser game. How can I store variables ( need to store 20-40 variables ) and load them using cookies ? ( so that I can access them even if browser is closed and opened again ). Please, I need help.
You would be better off using localStorage and not cookies. Pretty simple if you just do something like
//The defaults the user starts with
var _defaults = {
level : 1,
userName : null,
life : 100
};
//getting previous values from storage
var savedDetails = localStorage.settings ? JSON.parse(localStorage.settings) : {};
var settings = $.extend({},_defaults, savedDetails);
if(!settings.userName) {
//set username and save
settings.userName = window.prompt("name");
} else {
//username is there so say hi
console.log("Welcome back " + settings.userName);
}
//Save this back to the local storage since we made changes
localStorage.settings = JSON.stringify(settings);
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 9 years ago.
Improve this question
I have an html page with a lot of javascript code, for example the content of a div depends on length of an array :
for (var i = 0; i < movieList.length; i++) {
document.body.appendChild(document.createElement('h2')).appendChild(document.createTextNode('title: ' + movieList[i].title));
var cUL = document.body.appendChild(document.createElement('ul'));
cUL.appendChild(document.createElement('li')).appendChild(document.createTextNode(movieList[i].rating));
cUL.appendChild(document.createElement('li')).appendChild(document.createTextNode(movieList[i].year));
cUL.appendChild(document.createElement('li')).appendChild(document.createTextNode(movieList[i].length));
cUL.appendChild(document.createElement('li')).appendChild(document.createTextNode(movieList[i].isComedy));
cUL.appendChild(document.createElement('li')).appendChild(document.createTextNode('main characters: ' + movieList[i].mainCharacters.join(", ")));
}
I am using these perl LWPx::ParanoidAgent and HTML::TokeParser modules to handle the HTML code but the i want the result of the javascript script
You either need to:
Reverse engineer the JS and apply the changes it would make manually or
Run the HTML and JS through a browser or browser-like tool and read the data from its DOM
There are a number of options for the latter, including WWW::Mechanize::Firefox, WWW::Selenium and Wight.
perhaps https://getfirebug.com/ is what you're looking for. Amongst loads of other things you can view your HTML after JavaScript has altered it.