Programming Leftovers
-
Traversal-resistant file APIs - The Go Programming Language
New file access APIs in Go 1.24.
-
LWN ☛ Traversal-resistant file APIs (The Go Blog)
Damien Neil has written an article for the Go Blog about path traversal vulnerabilities and the os.Root API added in Go 1.24 to help prevent them.
Root permits relative path components and symlinks that do not escape the root. For example, root.Open("a/../b") is permitted. Filenames are resolved using the semantics of the local platform: On Unix systems, this will follow any symlink in "a" (so long as that link does not escape the root); while on Windows systems this will open "b" (even if "a" does not exist).
-
Buttondown LLC ☛ New Blog Post: "A Perplexing Javascript Parsing Puzzle"
I know I said we'd be back to normal newsletters this week and in fact had 80% of one already written.
Then I unearthed something that was better left buried.
-
Hillel Wayne ☛ A Perplexing Javascript Parsing Puzzle
What does this print?
x = 1 x --> 0
Think it through, then try it in a browser console! Answer and explanation in the dropdown.
-
Evan Hahn ☛ Filling in the gaps of the internet
Here’s a small philosophy I have about the internet:
I believe that it’s my duty to publish the answer to previously-unanswered questions. That way, the next person who comes along has an easier time.
For example, I was once trying to figure out how to skip the first line of a CSV file in Python. When I did a web search for “python skip first line of CSV”, I couldn’t find the answer.