Written by igorw
/ Original link
on Aug. 24, 2019
Stack Machines: Compilersfundamentals <<rpn-calculator <<shunting-yard <<io <<jumps <<conditionals <<comments <<calls <<variables <<stack-frames <<heap <<compilers This is a guest post by the one and only Anthony Ferrara (@ircmaxe…
Written by Ircmaxell
/ Original link
on Apr. 22, 2019
It’s no secret that I’m into building toy compilers and programming languages. Today I’m introducing something that’s not a toy (I hope). Today, I’m introducing php-compiler (among many other projects). My hope is that these projects will grow from experimental status into fully production ready sy…
Written by Ircmaxell
/ Original link
on Jun. 21, 2018
Recently my team was working to implement Brakeman in our CI processes to automatically scan our codebase for security vulnerabilities. Among a few other issues, it identified a handful of similar XSS vulnerabilities of a similar pattern:<script type="text/javascript"> var FOO = "<%= raw …
Written by Ircmaxell
/ Original link
on Nov. 17, 2017
Lately I have been playing around with a few experimental projects. The current one started when I tried to make a templating engine. Not just an ordinary one, but one that understood the context of a variable so it could encode/escape it properly. Imagine being able to put a variable in a JavaScri…
Written by Ircmaxell
/ Original link
on Nov. 17, 2017
Developers as a whole suck at API design. We don’t suck at making APIs. We don’t suck at implementing them. We don’t suck at using them (well, some more than others). But we do suck at designing them. In fact, we suck so much that we’ve made entire disciplines around trying to design better ones (B…
Written by Ircmaxell
/ Original link
on Oct. 31, 2017
Today, a significant SQL-Injection vulnerability was fixed in WordPress 4.8.3. Before reading further, if you haven’t updated yet stop right now and update.The foundations of this vulnerability was reported via Hacker-One on September 20th, 2017.This post will detail the technical vulnerability as …