|
You could maybe try something like a WebWorker. It will run a separate .js file in a separate thread, and has no access to the DOM or a lot of other things, but can communicate with the main thread (and thus, the DOM) via postMessage.
|
# ? Nov 5, 2015 15:34 |
|
|
Bruegels Fuckbooks posted:The requirement for making it so the script interacts with the widget means you should probably look into having the widget render on the server with the user script executing on the server as well (like using node / Rhino) - some of the codepad utilities will run the javascript in an iframe, but since the script needs to interact with the widget, it'll be nearly impossible to lock everything down client side.
|
# ? Nov 5, 2015 15:36 |
|
Subjunctive posted:
Oh, I meant at the call site, sorry.

nah, I should have realized what you meant from the context
|
# ? Nov 5, 2015 15:39 |
|
Sandboxing is what caja does, it works well.
|
# ? Nov 5, 2015 17:02 |
|
Subjunctive posted:
Sandboxing is what caja does, it works well.

oh, this looks perfect! Looks like it works how I envision something like this should work...

edit: except for all of their demos being broken...
|
# ? Nov 5, 2015 22:31 |
|
Skandranon posted:
You could maybe try something like a WebWorker. It will run a separate .js file in a separate thread, and has no access to the DOM or a lot of other things, but can communicate with the main thread (and thus, the DOM) via postMessage.

that's not a bad idea. I googled a bit along these lines and found this: https://github.com/asvd/jailed

Which seems like I could do something with. I think what I'd want to do is instantiate the user code inside a wrapper, which would provide with an API that shadowed that of my widget. However, rather than operating on the widget directly, the user would actually be invoking the wrapper, which would use postMessage to communicate a command to the wrapper around the widget. Likewise, any events generated by the widget would themselves invoke postMessage to communicate a command to the worker, which would then invoke a corresponding worker event.

This seems a lot simpler than using caja, and I bet it would be a lot faster too... I'm already worried about my app being very resource-intensive on the server side, even without needing to worry about processing crap for every little UI interaction.

edit: Oh I see now, this is exactly what jailed does already! I just need to provide a wrapper to jailed's application.remote object to hide that interface from the user.

German Joey fucked around with this message at 23:25 on Nov 5, 2015 |
# ? Nov 5, 2015 22:39 |
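The wrapper arrangement described in the post above, as an added example (not code from the thread or from jailed): user code only sees a shadow API that sends messages, and the host checks every message against an allowlist before touching the widget. All names are hypothetical, and a synchronous JSON round trip stands in for the asynchronous postMessage channel.

```javascript
// Added example: makeHost, makeShadowApi, connect and the widget shape are hypothetical.
// Host side: the only code that touches the real widget. Everything arriving
// from the worker is untrusted data, because user code can send messages
// directly instead of going through the shadow API.
function makeHost(widget) {
  const commands = {
    setLabel: (text) => {
      if (typeof text !== 'string' || text.length > 80) throw new Error('bad label');
      widget.label = text;
      return true;
    },
    getLabel: () => widget.label,
  };
  return function onMessage(data) {
    // hasOwnProperty keeps inherited names such as "constructor" out.
    if (!data || typeof data.cmd !== 'string' ||
        !Object.prototype.hasOwnProperty.call(commands, data.cmd)) {
      return { ok: false, error: 'unknown command' };
    }
    try {
      const args = Array.isArray(data.args) ? data.args : [];
      return { ok: true, value: commands[data.cmd](...args) };
    } catch (e) {
      return { ok: false, error: e.message };
    }
  };
}

// Worker side: the API handed to user code. It never holds the widget,
// only a function that sends a message.
function makeShadowApi(post) {
  return {
    setLabel: (text) => post({ cmd: 'setLabel', args: [text] }),
    getLabel: () => post({ cmd: 'getLabel', args: [] }),
  };
}

// In-process stand-in for postMessage: a JSON round trip, so only plain
// data crosses the boundary, never functions or object references.
function connect(widget) {
  const host = makeHost(widget);
  const copy = (x) => JSON.parse(JSON.stringify(x));
  const post = (msg) => copy(host(copy(msg)));
  return { api: makeShadowApi(post), post };
}
```
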
|
I am running into some issues with a Node.js function I am trying to run on AWS Lambda and need some help. I have a Lambda function wired up to receive events on an S3 bucket where I have gzipped log files sent to using Logrotate. When the files reach S3, Lambda kicks in and executes a Node.js function that retrieves the object from S3 and gunzips it and attempts to process the log entries. The problem is the gzip actually contains directories with the logfile(s) nested and I cannot figure out how to process the Buffer returned from the zlib.gunzip operation with the folders involved. Is there a way to do this in memory, or should I be getting the object from S3, writing it to the disk, gunzip there and then use fs to read the contents of the files in the directories? Memory would be ideal but if writing it to the disk is my only option, that is fine. Thanks and let me know what else could help here.
|
# ? Nov 5, 2015 23:24 |
|
I saw this today: http://tonicdev.com It's basically jsfiddle or codepen but for nodejs. I haven't looked at it much yet, but seems like a really awesome way to test out npm modules without installing anything. I have no idea how it could possibly be secure though.
|
# ? Nov 6, 2015 22:12 |
|
Hey guys, I'm trying to learn Javascript and I'm making an API call using basic auth. When using Postman, I can get a response no problem. When copying that same Postman request into my app, I get the following response:

quote:
XMLHttpRequest cannot load https://api.routexl.nl/tour. Response for preflight has invalid HTTP status code 401

Setting withCredentials to true gives me an error like this:

quote:
XMLHttpRequest cannot load https://api.routexl.nl/tour. Response to preflight request doesn't pass access control check: A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true. Origin 'http://127.0.0.1:8000' is therefore not allowed access

I'm led to believe this is a CORS issue, but I'm not entirely sure how to fix it or if I even CAN fix it. What's the correct way to go about this? Thanks for the help.

Tigren fucked around with this message at 19:06 on Nov 7, 2015 |
# ? Nov 7, 2015 19:02 |
|
Yeah, you need CORS enabled on the server and your client request. Look at http://enable-cors.org for info relevant to your server, there is middleware available for most frameworks.

If you don't have control over the server you're poo poo out of luck, you'll then need the JavaScript to run in the context of that domain in order to avoid CORS checks. This is a security feature so you're not going to find a loophole for avoiding CORS.
|
# ? Nov 7, 2015 19:33 |
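The two browser errors quoted above and the server-side fix, as an added example that is not part of the original posts: a simplified model of the check a browser applies to a preflight response. `checkPreflight`, `sampleResults` and the field names are hypothetical, the responses are constructed, and wildcard handling for methods and headers is left out.

```javascript
// Added example: a simplified model of the browser's preflight check.
function checkPreflight(req, res) {
  // Header names are case-insensitive; normalise them once.
  const h = {};
  for (const [k, v] of Object.entries(res.headers || {})) h[k.toLowerCase()] = String(v).trim();

  // 1. The OPTIONS preflight is sent without credentials and must get a 2xx.
  //    A server that demands auth on OPTIONS answers 401 and fails here.
  if (res.status < 200 || res.status > 299) return 'preflight status ' + res.status + ' is not 2xx';

  // 2. Allow-Origin must name the origin; '*' only counts without credentials.
  const allowOrigin = h['access-control-allow-origin'];
  if (allowOrigin === undefined) return 'no Access-Control-Allow-Origin header';
  if (allowOrigin === '*') {
    if (req.credentials) return "wildcard '*' not allowed when credentials are sent";
  } else if (allowOrigin !== req.origin) {
    return 'origin ' + req.origin + ' not allowed';
  }

  // 3. With credentials the server must also opt in explicitly.
  if (req.credentials && h['access-control-allow-credentials'] !== 'true') {
    return 'Access-Control-Allow-Credentials is not true';
  }

  // 4. Non-safelisted request headers (Authorization for basic auth) must be listed.
  const allowed = (h['access-control-allow-headers'] || '').toLowerCase()
    .split(',').map((s) => s.trim());
  for (const name of req.headers || []) {
    if (!allowed.includes(name.toLowerCase())) return 'request header ' + name + ' not allowed';
  }
  return 'ok';
}

const ORIGIN = 'http://127.0.0.1:8000'; // origin quoted in the question above

// Constructed responses: the two failures from the question, then a working setup.
function sampleResults() {
  const basic = { origin: ORIGIN, headers: ['Authorization'] };
  return {
    authOnOptions: checkPreflight({ ...basic, credentials: false }, { status: 401, headers: {} }),
    wildcard: checkPreflight({ ...basic, credentials: true },
      { status: 200, headers: { 'Access-Control-Allow-Origin': '*' } }),
    fixed: checkPreflight({ ...basic, credentials: true }, { status: 204, headers: {
      'Access-Control-Allow-Origin': ORIGIN,
      'Access-Control-Allow-Credentials': 'true',
      'Access-Control-Allow-Headers': 'Authorization' } }),
  };
}
```
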
|
Maluco Marinero posted:
Yeah, you need CORS enabled on the server and your client request.

That's the conclusion I came to. Unfortunately, I don't control the server. Thanks for the help.
|
# ? Nov 7, 2015 19:51 |
|
There's a business idea in building a proxy that flat out ignores CORS and shoves all requests through it.
|
# ? Nov 7, 2015 19:57 |
|
Suspicious Dish posted:
There's a business idea in building a proxy that flat out ignores CORS and shoves all requests through it.

npm install corsproxy
|
# ? Nov 7, 2015 20:12 |
|
CPaaS corsproxy as a service
|
# ? Nov 7, 2015 21:43 |
|
Suspicious Dish posted:
There's a business idea in building a proxy that flat out ignores CORS and shoves all requests through it.

Doesn't give you the user's request context (cookies, auth, certs), alas.
|
# ? Nov 7, 2015 22:39 |
|
Subjunctive posted:
Doesn't give you the user's request context (cookies, auth, certs), alas.

why can't you proxy those through
|
# ? Nov 7, 2015 22:54 |
|
Suspicious Dish posted:
why can't you proxy those through

Because they only get sent to the appropriate domain, which isn't corsaas.com.
|
# ? Nov 7, 2015 23:02 |
|
Oh, I was imagining you were talking about the page host's cookies, not the target host's cookies (so document.cookie is sufficient). Auth seems irrelevant -- I don't think browsers save auth between sessions, so a prompt for auth doesn't seem too out of place (you could convince users to re-enter it). And does anybody use client-side certs yet? OK, OK, outside of that one weird corporate site you encountered once that also required a custom ActiveX plugin.
|
# ? Nov 7, 2015 23:08 |
|
document.cookie doesn't convey httponly cookies, of course. by certs I mean validation of the server's cert against the client's configuration (roots installed, revocations seen), but apparently in Europe client certs are actually a thing for government sites? We used to get bugs filed.
|
# ? Nov 7, 2015 23:14 |
|
Sure, but the whole reason for a CORS proxy is to work around a security policy. So of course our corsaas wouldn't validate any certificates, ever, and it would just serve up over plain HTTP, sslstrip style.
|
# ? Nov 7, 2015 23:24 |
|
If you're on a mac you should be able to do something like the below to disable the chrome security stuff: code:
But honestly, the easiest solution (if you're not dependent on someone else's lovely api) is to just spin up a server. An express server is like 5 lines, but if that's too much for you, python comes with a one-liner you can run from the command prompt. Just run it from wherever your index.html is. You don't need to know any python at all, just get it installed and you can do this from the terminal: code:
my effigy burns fucked around with this message at 23:47 on Nov 7, 2015 |
# ? Nov 7, 2015 23:44 |
|
Suspicious Dish posted:
And does anybody use client-side certs yet? OK, OK, outside of that one weird corporate site you encountered once that also required a custom ActiveX plugin.

Then they decided Gmail was too open. Solution:
1. Instead of logging into gmail, you log into some external provider.
2. User needs client side certificate and activex control to log in, and can no longer go directly to gmail, but has to go through some weird website, which requires typing in the concatenation of your company id and employee id plus your password to log in.
3. You need to install a bunch of weird bullshit to get gmail on a phone to work but that's OK because you need authorization from someone director level or higher to get it on your phone.

It loving sucks. I can't figure out how to have Fiddler open and check my email at the same time, or get Gmail to work with loving google chrome.
|
# ? Nov 8, 2015 15:41 |
|
Bruegels Fuckbooks posted:
My company used to use Lotus Notes, and then the announcement went out that we were going to use gmail. It was great - we could use it on our phones, just use it on any web browser. It worked pretty well for 4 years.

That is loving insane. Was two-factor not an option with Gmail? For a company to be ISO-something-security compliant, you just need two factor and password changes every 3? months I believe. I've worked in places that required security clearances and even then there is nothing as insane as that.

Edit: Sounds like your company got a bunch of FUD as a sales pitch to buy just another layer of "protection" which is just another place where employee information is held by yet another company.
|
# ? Nov 10, 2015 18:12 |
|
I have a beginner nodejs question. The following file is chatserver.js, it's supposed to let you telnet into localhost and type messages back and forth. I don't understand how the parameters are being passed to the listeners in the chatServer.on() parts. How does the event emitter know which object to pass into the event listener as the 'client' parameter for the 'connection' event? Same goes for the 'data' parameter in the 'data' event. code:
|
# ? Nov 11, 2015 03:25 |
|
i think part of it might be indentation a bit:code:
|
# ? Nov 11, 2015 03:42 |
|
Mr. Jive posted:
Couldn't the emitter pass basically anything in there? How do I know that something usable is being passed? How does the emitter know that it needs to pass in the data it receives from the socket? How does the emitter know that a 'data' event means it should send something my code can broadcast? Is the event emitter passing a whole truckload of arguments but my code (as written) only cares about the first one?

All of the parameters for each event will be documented. Because it's JS the only "guarantee" you have on the arguments is the documentation (or reading the code lol).
|
# ? Nov 11, 2015 05:46 |
|
Mr. Jive posted:
I have a beginner nodejs question. The following file is chatserver.js, it's supposed to let you telnet into localhost and type messages back and forth.

The code creates a server as the variable chatServer, the chatServer.on function accepts two arguments, an event and a listener. The event is the string 'connection' and the listener is that function(client) stuff, which is a callback. Because node is async, everything in the callback gets evaluated immediately. Callbacks are one of the main ways of establishing flow control in node, for better or for worse. It creates an object "client", gives it a name property, writes "Hi, (name)", pushes it to an array of connected clients, and then sits around waiting for data. The data is also a callback and just gets stuffed into the broadcast function, which writes it to everyone in the clientList array.

So to hopefully address your questions: Yes, it can do basically anything in the listener, but what it's doing is defined by your code. Hopefully you know something's usable because you wrote usable code. The code starts a data stream; in the on data event handler, "data" is just a parameter name for whatever the chunk of input is that gets passed to the callback. It knows to broadcast it because the callback runs the broadcast function, which tells it to loop through the client list array and write the data to all of them. I don't think this code is passing a whole truckload of arguments to anything, but if somehow you tried to execute, say, broadcast(data, client, foo, bar, baz), then javascript's just going to ignore the excess argument.
|
# ? Nov 11, 2015 08:15 |
|
Tao Jones posted:
Hopefully you know something's usable because you wrote usable code.

Thanks, this in particular helps.

necrotic posted:
All of the parameters for each event will be documented. Because it's JS the only "guarantee" you have on the arguments is the documentation (or reading the code lol).

Am I understanding this documentation correctly in that the bullet point is the thing that will be passed as an argument when the listener is called? So in this case, the 'net' event emitter creates an instance of 'net.Socket' upon a 'connect' event and passes that as the first argument to the listener?
|
# ? Nov 13, 2015 01:10 |
|
Mr. Jive posted:
Thanks, this in particular helps.

Correct. The format for their documentation of event callbacks is piss poor, but at least it exists I guess...
|
# ? Nov 14, 2015 16:02 |
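How the listener arguments discussed in the posts above get there, as an added example that is not the chatserver.js from the thread: the code that calls emit() picks the arguments, and each listener receives them in order. `TinyEmitter` and `fakeAccept` are hypothetical stand-ins for Node's EventEmitter and the server internals, and the sockets are assumed to deliver strings (as after setEncoding).

```javascript
// Added example: TinyEmitter and fakeAccept are hypothetical stand-ins.
class TinyEmitter {
  constructor() { this.listeners = {}; }
  on(name, fn) {
    (this.listeners[name] = this.listeners[name] || []).push(fn);
    return this;
  }
  // Whoever calls emit() chooses the arguments; every listener receives them.
  emit(name, ...args) {
    const fns = this.listeners[name] || [];
    for (const fn of fns) fn(...args);
    return fns.length > 0;
  }
}

// Stands in for the server internals: it builds the socket object itself and
// hands it to 'connection' listeners as the first argument.
function fakeAccept(server, address) {
  const socket = new TinyEmitter();
  socket.remoteAddress = address;
  socket.written = [];
  socket.write = (chunk) => socket.written.push(String(chunk));
  server.emit('connection', socket, 'extra argument the listener never names');
  return socket;
}

function runChat() {
  const chatServer = new TinyEmitter();
  const clientList = [];
  chatServer.on('connection', (client) => { // extra emitted arguments are dropped
    clientList.push(client);
    client.on('data', (data) => {
      // The payload is whatever the peer sent: check type and size before use.
      if (typeof data !== 'string' || data.length > 200) return;
      for (const other of clientList) if (other !== client) other.write(data);
    });
  });
  const a = fakeAccept(chatServer, '10.0.0.1'); // constructed addresses
  const b = fakeAccept(chatServer, '10.0.0.2');
  a.emit('data', 'hello\n');           // what the socket does when bytes arrive
  a.emit('data', { not: 'a string' }); // rejected by the check above
  return { a: a.written, b: b.written };
}
```
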
|
Is it possible to do very RAM intensive computations in google chrome? I have a script that I fully expect to use multiple GB of ram, but it can only allocate up to about 1.5GB before chrome gives up with an "Aw Snap", even though I still have 8-10GB free and on 64bit system. The aw snap page is supremely unhelpful and only suggests that i close other tabs to free up RAM.
|
# ? Nov 15, 2015 10:46 |
|
What the hell are you doing that needs multiple GB of RAM, and why are you doing it in javascript?
|
# ? Nov 15, 2015 11:38 |
|
German Joey posted:
What the hell are you doing that needs multiple GB of RAM, and why are you doing it in javascript?

CSG CAD stuff, for fun http://openjscad.org

e: it doesn't normally need GBs of ram but i wanted to render a specific very high detail script

peepsalot fucked around with this message at 12:05 on Nov 15, 2015 |
# ? Nov 15, 2015 11:59 |
|
peepsalot posted:
Is it possible to do very RAM intensive computations in google chrome? I have a script that I fully expect to use multiple GB of ram, but it can only allocate up to about 1.5GB before chrome gives up with an "Aw Snap", even though I still have 8-10GB free and on 64bit system. The aw snap page is supremely unhelpful and only suggests that i close other tabs to free up RAM.

Are you on windows? 32-bit processes will crash when they hit the virtual size limit on windows. You should try using 64-bit chrome.
|
# ? Nov 15, 2015 15:49 |
|
Bruegels Fuckbooks posted:
Are you on windows? 32-bit processes will crash when they hit the virtual size limit on windows. You should try using 64-bit chrome.

I am on linux w/ 64bit chrome
|
# ? Nov 15, 2015 16:37 |
|
peepsalot posted:
I am on linux w/ 64bit chrome

Have a look around in chrome://flags
You might be able to find some settings that let you tune V8 (the JavaScript engine)
|
# ? Nov 15, 2015 20:51 |
|
peepsalot posted:
CSG CAD stuff, for fun

fairly cool!

edit: sites like this always make me feel warm and glowing about how amazing the potential of the web is, but then when I start developing in Javascript again it doesn't take long for me to degenerate back into a frothing, furious mess.

German Joey fucked around with this message at 21:33 on Nov 15, 2015 |
# ? Nov 15, 2015 21:30 |
|
Hi, I've made a simple little hobby API project using node and express. I'm fairly new to the node ecosystem and am looking for a lightweight unit testing framework I can use; any suggestions? Thanks!
|
# ? Nov 16, 2015 14:39 |
|
Mostly Sober posted:
Hi, I've made a simple little hobby API project using node and express.

http://mochajs.org is good
|
# ? Nov 16, 2015 16:32 |
|
obstipator posted:http://mochajs.org is good
|
# ? Nov 17, 2015 00:39 |
|
|
First a few caveats:
code:
|
# ? Nov 18, 2015 18:30 |