When 3rd party JavaScript attacks

JS Party: JavaScript, CSS, Web Development

JS Party: JavaScript, CSS, Web Development

Player FM - Internet Radio Done Right

1,026 subscribers

JavaScript

تمت الإضافة منذ قبل eight عام

المحتوى المقدم من Changelog Media. يتم تحميل جميع محتويات البودكاست بما في ذلك الحلقات والرسومات وأوصاف البودكاست وتقديمها مباشرة بواسطة Changelog Media أو شريك منصة البودكاست الخاص بهم. إذا كنت تعتقد أن شخصًا ما يستخدم عملك المحمي بحقوق الطبع والنشر دون إذنك، فيمكنك اتباع العملية الموضحة هنا https://ar.player.fm/legal.

Tickets to Travel

1
Ep. 42 - RevPar Problems, Real Talk: When Memes meet Metrics with Calvin Tilokee 47:59

منذ 13 يومًا47:59

التشغيل لاحقا

قوائم

إعجاب

احب

47:59

Ep. 42 - RevPar Problems, Real Talk: When Memes Meet Metrics with Calvin Tilokee How do revenue managers really think? What makes hotel rates spike during Taylor Swift concerts—or Bigfoot conventions? And why do memes about ADR hit harder than your star report? In this episode of Tickets to Travel: The Business of Travel Experiences , we sit down with Calvin Tilokee of RevPAR Media, the sharp mind behind the viral @RevPARProblems Instagram account. Calvin pulls back the curtain on hotel pricing strategy, compression events, influencer marketing, and what event producers often get wrong when pitching to hotels. Whether you’re trying to block rooms for a major festival, fill your hotel over a soft week, or just want to understand the secret language of revenue managers, this episode is packed with insight and humor. This episode is a must-listen for hotel sales and revenue teams, meeting and event planners, festival promoters, and hospitality marketers. Follow @RevPARProblems on Instagram for daily hotel truths and satire. And subscribe now to hear why Calvin says: “We don’t need your group when we’re already full. Call us the week after Christmas.” For more insider conversations at the intersection of travel, ticketing, and live experiences, follow us on all socials @Tix2TravelPod and subscribe wherever you get your podcasts. If you haven’t listened yet, head to www.tttpod.com to catch up on past episodes.…

منذ عام واحد 53:15

MP3•منزل الحلقة

Simon Wijckmans from c/side joins Jerod & Nick to discuss the Pollyfill attack in detail. What does it mean for web developers & client-side security going forward?

Join the discussion

Changelog++ members save 1 minute on this episode because they made the ads disappear. Join today!

Sponsors:

Wix – Wix Sudio is for devs who build websites, sell apps, go headless, or manage clients. Integrate, extend and write custom scripts in a VS code-based IDE. Leverage zero set up dev, test and production environments. Ship faster with an AI code assistant. And work with Wix headless API’s on any tech stack.

Featuring:

Simon Wijckmans – Website, GitHub, LinkedIn, X
Jerod Santo – GitHub, LinkedIn, Mastodon, X
Nick Nisi – Website, GitHub, Mastodon, X

Show Notes:

The Polyfill attack explained

Something missing or broken? PRs welcome!

فصول

1. It's party time, y'all (00:00:00)

2. Hello party people (00:00:56)

3. Welcoming Simon (00:01:23)

4. Hotlinking? Hotlinking! (00:01:47)

5. The Polyfill attack (00:02:56)

6. Nick gets called out (00:11:58)

7. Sponsor: Wix (00:14:52)

https://www.wix.com/studio

8. Reasonable risks (00:15:47)

9. Trust? But, verify (00:19:00)

10. How to verify (00:20:49)

11. Mitigation techniques (00:23:51)

12. Leading from the bottom (00:25:50)

13. Nick gets more secure (00:28:42)

14. What c/side offers (00:29:32)

15. Jerod avenges Nick (00:33:57)

16. Does c/side inject scripts? (00:38:22)

17. What the browsers could do (00:39:49)

18. Consider it cut (00:44:43)

19. Doing better server-side (00:45:31)

20. Ghoulish overkill (00:48:24)

21. Closing time (00:51:16)

22. Next up on the pod (00:51:49)

361 حلقات

#JavaScript #Prog Languages #Jsparty #Web #Programming #Frontend #Backend #Node #Changelog #Changelog Media #Tech #Animation #HTML #CSS #IoT #Robot

JS Party: JavaScript, CSS, Web Development

When 3rd party JavaScript attacks

JS Party: JavaScript, CSS, Web Development

1,026 subscribers

published منذ عام واحد

MP3•منزل الحلقة

Simon Wijckmans from c/side joins Jerod & Nick to discuss the Pollyfill attack in detail. What does it mean for web developers & client-side security going forward?

Join the discussion

Changelog++ members save 1 minute on this episode because they made the ads disappear. Join today!

Sponsors:

Wix – Wix Sudio is for devs who build websites, sell apps, go headless, or manage clients. Integrate, extend and write custom scripts in a VS code-based IDE. Leverage zero set up dev, test and production environments. Ship faster with an AI code assistant. And work with Wix headless API’s on any tech stack.

Featuring:

Simon Wijckmans – Website, GitHub, LinkedIn, X
Jerod Santo – GitHub, LinkedIn, Mastodon, X
Nick Nisi – Website, GitHub, Mastodon, X

Show Notes:

The Polyfill attack explained

Something missing or broken? PRs welcome!

فصول

1. It's party time, y'all (00:00:00)

2. Hello party people (00:00:56)

3. Welcoming Simon (00:01:23)

4. Hotlinking? Hotlinking! (00:01:47)

5. The Polyfill attack (00:02:56)

6. Nick gets called out (00:11:58)

7. Sponsor: Wix (00:14:52)

https://www.wix.com/studio

8. Reasonable risks (00:15:47)

9. Trust? But, verify (00:19:00)

10. How to verify (00:20:49)

11. Mitigation techniques (00:23:51)

12. Leading from the bottom (00:25:50)

13. Nick gets more secure (00:28:42)

14. What c/side offers (00:29:32)

15. Jerod avenges Nick (00:33:57)

16. Does c/side inject scripts? (00:38:22)

17. What the browsers could do (00:39:49)

18. Consider it cut (00:44:43)

19. Doing better server-side (00:45:31)

20. Ghoulish overkill (00:48:24)

21. Closing time (00:51:16)

22. Next up on the pod (00:51:49)

361 حلقات

#JavaScript #Prog Languages #Jsparty #Web #Programming #Frontend #Backend #Node #Changelog #Changelog Media #Tech #Animation #HTML #CSS #IoT #Robot

كل الحلقات

JS Party: JavaScript, CSS, Web Development

1
One last party 1:15:53

منذ 20 weeks1:15:53

1:15:53

Jerod is joined by KBall, Nick & Amy to throw one last JS Party! We review last year’s predictions, discuss the state of the web dev world, opine on coding AIs (of course) & divulge what comes next for the JS Party crew. Thank you for partying with us all these years! 💚 Join the discussion Changelog++ members save 8 minutes on this episode because they made the ads disappear. Join today! Sponsors: Jam.dev – One click bug reports developers love — Never explain another bug report again. Jam auto-captures all the info engineers need to debug and repro. Fly.io – The home of Changelog.com — Deploy your apps close to your users — global Anycast load-balancing, zero-configuration private networking, hardware isolation, and instant WireGuard VPN connections. Push-button deployments that scale to thousands of instances. Check out the speedrun to get started in minutes. WorkOS – AuthKit offers 1,000,000 monthly active users (MAU) free — The world’s best login box, powered by WorkOS + Radix. Learn more and get started at WorkOS.com and AuthKit.com Featuring: Jerod Santo – GitHub , LinkedIn , Mastodon , X Kevin Ball – Website , GitHub , LinkedIn , X Nick Nisi – Website , GitHub , Mastodon , X Amy Dutton – GitHub , X Show Notes: The Dysfunctonal Developer Changelog & Friends Something missing or broken? PRs welcome!…

JS Party: JavaScript, CSS, Web Development

1
React: then & now 1:13:16

منذ 30 weeks1:13:16

1:13:16

Back at React Summit in New York, KBall & Nick sat down with Tom Occhino & Shruti Kapoor for more fascinating conversations. Tom Occhino, a key figure in React’s history at Facebook (now Meta), reveals the origin story of React, which began when an ads engineer presented a revolutionary approach to web UI rendering. The discussion extends to React’s evolution through Next.js. Then, Shruti Kapoor breaks down React 19’s major features, including React Server Components (RSC), the new compiler implementation, and enhanced APIs that promise to streamline development workflows. Join the discussion Changelog++ members save 7 minutes on this episode because they made the ads disappear. Join today! Sponsors: Fly.io – The home of Changelog.com — Deploy your apps close to your users — global Anycast load-balancing, zero-configuration private networking, hardware isolation, and instant WireGuard VPN connections. Push-button deployments that scale to thousands of instances. Check out the speedrun to get started in minutes. WorkOS – AuthKit offers 1,000,000 monthly active users (MAU) free — The world’s best login box, powered by WorkOS + Radix. Learn more and get started at WorkOS.com and AuthKit.com Jam.dev – One click bug reports developers love — Never explain another bug report again. Jam auto-captures all the info engineers need to debug and repro. Featuring: Tom Occhino – Website , LinkedIn , X Shruti Kapoor – Website , GitHub , X Nick Nisi – Website , GitHub , Mastodon , X Kevin Ball – Website , GitHub , LinkedIn , X Show Notes: React.js: The Documentary React 19 RC Something missing or broken? PRs welcome!…

JS Party: JavaScript, CSS, Web Development

1
WYSIWYG 1:17:11

منذ 31 weeks1:17:11

1:17:11

At React Summit in New York, KBall & Nick sat down with Kent C. Dodds & Theo Browne for two fascinating conversations. Both of them showed us the whole gamut of their personalities! Kent shared his insights on effective teaching methodologies and the future of developer education, while diving deep into React and the Remix/React Router ecosystem, and closing on an appeal for kindness int he world. Then Theo took us behind the scenes of his developer-focused content creation, from streaming to the origins of the T3 stack, and how his online persona (including T3!) is “just him”. Join the discussion Changelog++ members save 5 minutes on this episode because they made the ads disappear. Join today! Sponsors: WorkOS – AuthKit offers 1,000,000 monthly active users (MAU) free — The world’s best login box, powered by WorkOS + Radix. Learn more and get started at WorkOS.com and AuthKit.com Jam.dev – One click bug reports developers love — Never explain another bug report again. Jam auto-captures all the info engineers need to debug and repro. Featuring: Kent C. Dodds – Website , GitHub , X Theo Browne – GitHub , LinkedIn , X Kevin Ball – Website , GitHub , LinkedIn , X Nick Nisi – Website , GitHub , Mastodon , X Show Notes: React Summit Epic Web Remix React Router T3 Stack Cursor Something missing or broken? PRs welcome!…

JS Party: JavaScript, CSS, Web Development

1
Nine pillars of great Node apps 1:04:14

منذ 32 weeks1:04:14

1:04:14

Recently, four pillars of the JavaScript community (James Snell, Natalia Venditto, Michael Dawson & Matteo Collina) teamed up to create a resource that lays out nine principles for doing Node.js right in enterprise environments. On this episode, Natalia & Matteo join Jerod to discuss all nine. Join the discussion Changelog++ members save 6 minutes on this episode because they made the ads disappear. Join today! Sponsors: Notion – Notion is a place where any team can write, plan, organize, and rediscover the joy of play. It’s a workspace designed not just for making progress, but getting inspired. Notion is for everyone — whether you’re a Fortune 500 company or freelance designer, starting a new startup or a student juggling classes and clubs. WorkOS – A platform that gives developers a set of building blocks for quickly adding enterprise-ready features to their application. Add Single Sign-On (Okta, Azure, Google, Microsoft OAuth), sync users from any SCIM directory, HRIS integration, audit trails (SIEM), free magic link sign-in. WorkOS is designed for developers and offers a single, elegant interface that abstracts dozens of enterprise integrations. Learn more and get started at WorkOS.com Jam.dev – One click bug reports developers love — Never explain another bug report again. Jam auto-captures all the info engineers need to debug and repro. Featuring: Natalia Venditto – GitHub , LinkedIn , X Matteo Collina – Website , GitHub , Mastodon , X Jerod Santo – GitHub , LinkedIn , Mastodon , X Show Notes: Nine Node Pillars close-with-grace TypeSpec Something missing or broken? PRs welcome!…

JS Party: JavaScript, CSS, Web Development

1
It's all about documentation 1:14:21

منذ 33 weeks1:14:21

1:14:21

Carmen Huidobro joins Amy, KBall & Nick on the show to talk about her work, the importance of writing docs, and her upcoming conference talk at React Summit US! Join the discussion Changelog++ members save 5 minutes on this episode because they made the ads disappear. Join today! Sponsors: Fly.io – The home of Changelog.com — Deploy your apps close to your users — global Anycast load-balancing, zero-configuration private networking, hardware isolation, and instant WireGuard VPN connections. Push-button deployments that scale to thousands of instances. Check out the speedrun to get started in minutes. Jam.dev – One click bug reports developers love — Never explain another bug report again. Jam auto-captures all the info engineers need to debug and repro. Featuring: Carmen Huidobro – Website , GitHub , X Nick Nisi – Website , GitHub , Mastodon , X Kevin Ball – Website , GitHub , LinkedIn , X Amy Dutton – GitHub , X Show Notes: Divio Docs for Developers Intuitive Tooling Martin Fowler - if it hurts, do it often Declutter your JavaScript & TypeScript projects | Knip React Summit F*cking Block Syntax Bad Website Club The Annoying Site Something missing or broken? PRs welcome!…

JS Party: JavaScript, CSS, Web Development

1
How Vercel thinks about Next.js 1:11:47

منذ 34 weeks1:11:47

1:11:47

Vercel CPO, Tom Occhino, joins Jerod for a one-on-one covering React & Next’s past, present & future. We discuss the birth of React, Tom’s move to Vercel, deploying Next apps to non-Vercel hosts, React as the next jQuery, the viability of Web Components, Vercel customers getting surprise bills & so much more. Join the discussion Changelog++ members save 9 minutes on this episode because they made the ads disappear. Join today! Sponsors: Fly.io – The home of Changelog.com — Deploy your apps close to your users — global Anycast load-balancing, zero-configuration private networking, hardware isolation, and instant WireGuard VPN connections. Push-button deployments that scale to thousands of instances. Check out the speedrun to get started in minutes. WorkOS – A platform that gives developers a set of building blocks for quickly adding enterprise-ready features to their application. Add Single Sign-On (Okta, Azure, Google, Microsoft OAuth), sync users from any SCIM directory, HRIS integration, audit trails (SIEM), free magic link sign-in. WorkOS is designed for developers and offers a single, elegant interface that abstracts dozens of enterprise integrations. Learn more and get started at WorkOS.com Notion – Notion is a place where any team can write, plan, organize, and rediscover the joy of play. It’s a workspace designed not just for making progress, but getting inspired. Notion is for everyone — whether you’re a Fortune 500 company or freelance designer, starting a new startup or a student juggling classes and clubs. Featuring: Tom Occhino – Website , LinkedIn , X Jerod Santo – GitHub , LinkedIn , Mastodon , X Show Notes: React.js: The Documentary - YouTube React, React Native, Flux, Relay, GraphQL (Changelog Interviews #149) Next.js Conf by Vercel v0 by Vercel Something missing or broken? PRs welcome!…

JS Party: JavaScript, CSS, Web Development

1
Kind of a big deal 1:00:18

منذ 35 weeks1:00:18

1:00:18

Jerod & the gang play “Twenty” Questions to get to know Amy, review the big Svelte 5 release, discuss commercial open source & get Nick’s report from SquiggleConf! Join the discussion Changelog++ members save 9 minutes on this episode because they made the ads disappear. Join today! Sponsors: Fly.io – The home of Changelog.com — Deploy your apps close to your users — global Anycast load-balancing, zero-configuration private networking, hardware isolation, and instant WireGuard VPN connections. Push-button deployments that scale to thousands of instances. Check out the speedrun to get started in minutes. Jam.dev – One click bug reports developers love — Never explain another bug report again. Jam auto-captures all the info engineers need to debug and repro. WorkOS – A platform that gives developers a set of building blocks for quickly adding enterprise-ready features to their application. Add Single Sign-On (Okta, Azure, Google, Microsoft OAuth), sync users from any SCIM directory, HRIS integration, audit trails (SIEM), free magic link sign-in. WorkOS is designed for developers and offers a single, elegant interface that abstracts dozens of enterprise integrations. Learn more and get started at WorkOS.com Featuring: Jerod Santo – GitHub , LinkedIn , Mastodon , X Kevin Ball – Website , GitHub , LinkedIn , X Nick Nisi – Website , GitHub , Mastodon , X Amy Dutton – GitHub , X Show Notes: Svelte 5 is alive Join us at React Summit US (10% off) Join us at JSNation US (10% off) Something missing or broken? PRs welcome!…

JS Party: JavaScript, CSS, Web Development

1
Digging through Jerod Santo’s tool box 59:02

منذ 37 weeks59:02

59:02

KBall interviews Jerod about the tools he uses in development, podcasting & business. We start with text editors & terminal tools, move to podcast recording & editing tools, discuss the open source podcasting platform Jerod built in Elixir, then finish with tools to run a small business & our approaches to genAI. Oh, and you don’t want to miss Jerod’s Big Confession! Join the discussion Changelog++ members save 5 minutes on this episode because they made the ads disappear. Join today! Sponsors: Jam.dev – One click bug reports developers love — Never explain another bug report again. Jam auto-captures all the info engineers need to debug and repro. Notion – Notion is a place where any team can write, plan, organize, and rediscover the joy of play. It’s a workspace designed not just for making progress, but getting inspired. Notion is for everyone — whether you’re a Fortune 500 company or freelance designer, starting a new startup or a student juggling classes and clubs. Featuring: Kevin Ball – Website , GitHub , LinkedIn , X Jerod Santo – GitHub , LinkedIn , Mastodon , X Show Notes: Nick’s tool box Zed Editor tmux Smug thechangelog/changelog.com Elixir Phoenix Atuin Riverside Adobe Audition Transistor Harvest Freshbooks Gusto Ollama Enchanted Cursor Something missing or broken? PRs welcome!…

JS Party: JavaScript, CSS, Web Development

1
A great horse to bet on 1:01:30

منذ 38 weeks1:01:30

1:01:30

Jerod & KBall discuss a trio of goings on in/around the web dev world: Evan You’s new startup, Matt Mullenweg’s WordPress mess & Ryan Carniato’s WebComponents debate. Join the discussion Changelog++ members save 7 minutes on this episode because they made the ads disappear. Join today! Sponsors: Fly.io – The home of Changelog.com — Deploy your apps close to your users — global Anycast load-balancing, zero-configuration private networking, hardware isolation, and instant WireGuard VPN connections. Push-button deployments that scale to thousands of instances. Check out the speedrun to get started in minutes. WorkOS – A platform that gives developers a set of building blocks for quickly adding enterprise-ready features to their application. Add Single Sign-On (Okta, Azure, Google, Microsoft OAuth), sync users from any SCIM directory, HRIS integration, audit trails (SIEM), free magic link sign-in. WorkOS is designed for developers and offers a single, elegant interface that abstracts dozens of enterprise integrations. Learn more and get started at WorkOS.com Featuring: Jerod Santo – GitHub , LinkedIn , Mastodon , X Kevin Ball – Website , GitHub , LinkedIn , X Show Notes: Join us at React Summit US (10% off) Join us at JSNation US (10% off) Evan You announces VoidZero Automattic Alignment Web Components Are Not the Future Something missing or broken? PRs welcome!…

JS Party: JavaScript, CSS, Web Development

1
Create interactive tutorials the easy way 51:20

منذ 39 weeks51:20

51:20

Tomek Sułkowski from TutorialKit joins Jerod to tell him all about the open source toolkit for creating awesome, interactive tutorials without having to code up the hard parts. Join the discussion Changelog++ members save 10 minutes on this episode because they made the ads disappear. Join today! Sponsors: Fly.io – The home of Changelog.com — Deploy your apps close to your users — global Anycast load-balancing, zero-configuration private networking, hardware isolation, and instant WireGuard VPN connections. Push-button deployments that scale to thousands of instances. Check out the speedrun to get started in minutes. WorkOS – A platform that gives developers a set of building blocks for quickly adding enterprise-ready features to their application. Add Single Sign-On (Okta, Azure, Google, Microsoft OAuth), sync users from any SCIM directory, HRIS integration, audit trails (SIEM), free magic link sign-in. WorkOS is designed for developers and offers a single, elegant interface that abstracts dozens of enterprise integrations. Learn more and get started at WorkOS.com Notion – Notion is a place where any team can write, plan, organize, and rediscover the joy of play. It’s a workspace designed not just for making progress, but getting inspired. Notion is for everyone — whether you’re a Fortune 500 company or freelance designer, starting a new startup or a student juggling classes and clubs. Featuring: Tomek Sułkowski – GitHub , X Jerod Santo – GitHub , LinkedIn , Mastodon , X Show Notes: Running Node natively in the browser with Eric Simons from StackBlitz TutorialKit TutorialKit on GitHub TutorialKit in the wild Welcome to the Vite Plugin API tutorial Welcome to the Remult tutorial Welcome to Next Patterns Something missing or broken? PRs welcome!…

JS Party: JavaScript, CSS, Web Development

1
Leveling up JavaScript with Deno 2 1:06:16

منذ 40 weeks1:06:16

1:06:16

Jerod is joined by Ryan Dahl to discuss his second take on leveling up JavaScript developers all around the world. Jerod asks Ryan why not try to fix or fork Node instead of starting fresh, how Deno (the open source project) can avoid the all too common rug pull (not cool) scenario, what’s new in Deno 2 & their pragmatic decision to support npm, they talk JSR, they talk Deno KV & SQLite, they even talk about Ryan’s open letter to Oracle in an attempt to free the unused “JavaScript” trademark from the giant’s clutches. Join the discussion Changelog++ members save 3 minutes on this episode because they made the ads disappear. Join today! Sponsors: Jam.dev – One click bug reports developers love — Never explain another bug report again. Jam auto-captures all the info engineers need to debug and repro. Featuring: Ryan Dahl – Website , GitHub , X Jerod Santo – GitHub , LinkedIn , Mastodon , X Show Notes: Node.js: The Documentary - YouTube From Node.js to Deno: How It All Began - YouTube 10 Things I Regret About Node.js - YouTube JSR: the JavaScript Registry rusty_v8: Rust bindings for the V8 JavaScript engine JavaScript™ (Dear Oracle) Something missing or broken? PRs welcome!…

JS Party: JavaScript, CSS, Web Development

1
It's all about the squiggles 1:12:10

منذ 41 weeks1:12:10

1:12:10

Nick is joined by Josh Goldberg & Dimitri Mitropoulos to discuss SquiggleConf, a new conference focused on web dev tooling. We explore the motivations behind creating a conference dedicated to developer tools, the challenges of organizing both conferences and local meetups, and strategies for building engaged tech communities. We also discuss the importance of developer tooling, the pandemic’s impact on tech events, and share insights on encouraging new speakers and creating inclusive environments & more! Join the discussion Changelog++ members save 7 minutes on this episode because they made the ads disappear. Join today! Sponsors: Fly.io – The home of Changelog.com — Deploy your apps close to your users — global Anycast load-balancing, zero-configuration private networking, hardware isolation, and instant WireGuard VPN connections. Push-button deployments that scale to thousands of instances. Check out the speedrun to get started in minutes. Wix – Wix Sudio is for devs who build websites, sell apps, go headless, or manage clients. Integrate, extend and write custom scripts in a VS code-based IDE. Leverage zero set up dev, test and production environments. Ship faster with an AI code assistant. And work with Wix headless API’s on any tech stack. Jam.dev – One click bug reports developers love — Never explain another bug report again. Jam auto-captures all the info engineers need to debug and repro. Featuring: Dimitri Mitropoulos – GitHub , LinkedIn Josh Goldberg – GitHub , X Nick Nisi – Website , GitHub , Mastodon , X Show Notes: SquiggleConf ESLint TypeScript ESLint Mocha Learning TypeScript book Michigan TypeScript Boston TS Club NebraskaJS Oh My Zsh (tool by Robbie Russell) React Vue Go programming language TypeScript New England Aquarium conference venue Squiggle Conf Discord Something missing or broken? PRs welcome!…

JS Party: JavaScript, CSS, Web Development

1
Undirected hyper arrows 1:07:38

منذ 42 weeks1:07:38

1:07:38

Chris Shank has been on sabbatical since January, so he’s had a lot of time to think deeply about the web platform. On this episode, Jerod & KBall pick Chris’ brain to answer questions like, what does a post-component paradigm look like? What would it look like if the browser had primitives for building spatial canvases? How can we make it easier to make “folk interfaces” on the web? Join the discussion Changelog++ members save 4 minutes on this episode because they made the ads disappear. Join today! Sponsors: Wix – Wix Sudio is for devs who build websites, sell apps, go headless, or manage clients. Integrate, extend and write custom scripts in a VS code-based IDE. Leverage zero set up dev, test and production environments. Ship faster with an AI code assistant. And work with Wix headless API’s on any tech stack. Fly.io – The home of Changelog.com — Deploy your apps close to your users — global Anycast load-balancing, zero-configuration private networking, hardware isolation, and instant WireGuard VPN connections. Push-button deployments that scale to thousands of instances. Check out the speedrun to get started in minutes. Featuring: Chris Shank – Website , GitHub , X Jerod Santo – GitHub , LinkedIn , Mastodon , X Kevin Ball – Website , GitHub , LinkedIn , X Show Notes: ChrisShank/progressive-element: A set of patterns for a behavioral paradigm of building web UIs Little-Languages/quiver: Your quiver of declarative arrows for the web. ⤵ ChrisShank/folc: Utilities to more easily make folk web pages Something missing or broken? PRs welcome!…

JS Party: JavaScript, CSS, Web Development

1
Don’t ever use these TypeScript features 49:01

منذ 43 weeks49:01

49:01

Jerod, Nick & Chris discuss a next-gen JavaScript bundler, Node getting even tighter with TypeScript, the top programming languages according to IEEE Spectrum, Chris’ feelings on Node’s built-in test runner & more! Join the discussion Changelog++ members get a bonus 4 minutes at the end of this episode and zero ads. Join today! Sponsors: Fly.io – The home of Changelog.com — Deploy your apps and databases close to your users. In minutes you can run your Ruby, Go, Node, Deno, Python, or Elixir app (and databases!) all over the world. No ops required. Learn more at fly.io/changelog and check out the speedrun in their docs . Wix – Wix Sudio is for devs who build websites, sell apps, go headless, or manage clients. Integrate, extend and write custom scripts in a VS code-based IDE. Leverage zero set up dev, test and production environments. Ship faster with an AI code assistant. And work with Wix headless API’s on any tech stack. Featuring: Jerod Santo – GitHub , LinkedIn , Mastodon , X Nick Nisi – Website , GitHub , Mastodon , X Christopher Hiller – Website , GitHub , Mastodon , X Show Notes: Announcing Rspack 1.0 Node.js — Node v22.7.0 (Current) Top Programming Languages 2024 MoonScript, a language that compiles to Lua TypeScriptToLua Home - Satisfactory Game Nest ’dem loops featuring NESTED LOOPS Song Encoder: $STDOUT The TC39 song Something missing or broken? PRs welcome!…

JS Party: JavaScript, CSS, Web Development

1
When 3rd party JavaScript attacks 53:15

منذ 44 weeks53:15

53:15

Simon Wijckmans from c/side joins Jerod & Nick to discuss the Pollyfill attack in detail. What does it mean for web developers & client-side security going forward? Join the discussion Changelog++ members save 1 minute on this episode because they made the ads disappear. Join today! Sponsors: Wix – Wix Sudio is for devs who build websites, sell apps, go headless, or manage clients. Integrate, extend and write custom scripts in a VS code-based IDE. Leverage zero set up dev, test and production environments. Ship faster with an AI code assistant. And work with Wix headless API’s on any tech stack. Featuring: Simon Wijckmans – Website , GitHub , LinkedIn , X Jerod Santo – GitHub , LinkedIn , Mastodon , X Nick Nisi – Website , GitHub , Mastodon , X Show Notes: The Polyfill attack explained Something missing or broken? PRs welcome!…

مرحبًا بك في مشغل أف ام!

يقوم برنامج مشغل أف أم بمسح الويب للحصول على بودكاست عالية الجودة لتستمتع بها الآن. إنه أفضل تطبيق بودكاست ويعمل على أجهزة اندرويد والأيفون والويب. قم بالتسجيل لمزامنة الاشتراكات عبر الأجهزة.

الاستماع إلى +500 موضوع

1,026 subscribers

مشابه لـJS Party: JavaScript, CSS, Web Development

Amazon Basics Multipurpose Copy Printer Paper, 8.5 x 11 inches, 20 lb, 1 Ream, 500 Sheets, 92 Bright, White

Amazon Basics Dog and Puppy Pee Pads with Leak-Proof Quick-Dry Design for Potty Training, Standard Absorbency, Regular Size, 22 x 22 Inches, Pack of 100, Blue & White

The Secret Of Life: Partners, Volume 2

المدونة الصوتية تستحق الاستماع

JS Party: JavaScript, CSS, Web Development « » When 3rd party JavaScript attacks

فصول

1. It's party time, y'all (00:00:00)

2. Hello party people (00:00:56)

3. Welcoming Simon (00:01:23)

4. Hotlinking? Hotlinking! (00:01:47)

5. The Polyfill attack (00:02:56)

6. Nick gets called out (00:11:58)

7. Sponsor: Wix (00:14:52)

8. Reasonable risks (00:15:47)

9. Trust? But, verify (00:19:00)

10. How to verify (00:20:49)

11. Mitigation techniques (00:23:51)

12. Leading from the bottom (00:25:50)

13. Nick gets more secure (00:28:42)

14. What c/side offers (00:29:32)

15. Jerod avenges Nick (00:33:57)

16. Does c/side inject scripts? (00:38:22)

17. What the browsers could do (00:39:49)

18. Consider it cut (00:44:43)

19. Doing better server-side (00:45:31)

20. Ghoulish overkill (00:48:24)

21. Closing time (00:51:16)

22. Next up on the pod (00:51:49)

When 3rd party JavaScript attacks

فصول

1. It's party time, y'all (00:00:00)

2. Hello party people (00:00:56)

3. Welcoming Simon (00:01:23)

4. Hotlinking? Hotlinking! (00:01:47)

5. The Polyfill attack (00:02:56)

6. Nick gets called out (00:11:58)

7. Sponsor: Wix (00:14:52)

8. Reasonable risks (00:15:47)

9. Trust? But, verify (00:19:00)

10. How to verify (00:20:49)

11. Mitigation techniques (00:23:51)

12. Leading from the bottom (00:25:50)

13. Nick gets more secure (00:28:42)

14. What c/side offers (00:29:32)

15. Jerod avenges Nick (00:33:57)

16. Does c/side inject scripts? (00:38:22)

17. What the browsers could do (00:39:49)

18. Consider it cut (00:44:43)

19. Doing better server-side (00:45:31)

20. Ghoulish overkill (00:48:24)

21. Closing time (00:51:16)

22. Next up on the pod (00:51:49)

المدونة الصوتية تستحق الاستماع

مرحبًا بك في مشغل أف ام!

The Let Them Theory: A Life-Changing Tool That Millions of People Can't Stop Talking About

The Let Them Theory: A Life-Changing Tool That Millions of People Can't Stop Talking About

Minecraft

Mini Mic Pro Wireless Microphone for iPhone, iPad, Android, Lavalier Microphone for Video Recording - 2 Pack iPhone Mic Crystal Clear Recording with USB-C for Podcast, ASMR

The Let Them Theory: A Life-Changing Tool That Millions of People Can't Stop Talking About

مشابه لـJS Party: JavaScript, CSS, Web Development

دليل مرجعي سريع

JS Party: JavaScript, CSS, Web Development « »
When 3rd party JavaScript attacks