@ilyaswebwon.bsky.social
November 9, 2025 at 7:19 PM
Turns a bug into a tolerated attack surface. It admits the victim is collateral damage during a period the defender has chosen to leave open
November 5, 2025 at 8:17 PM
Turns a bug into a tolerated attack surface. It admits the victim is collateral damage during a period the defender has chosen to leave open
Reposted
(5/5) For Client-Side Race Conditions based on network requests, you can slow down time by holding up the Connection Pool. Then slowly release them one by one, performing any actions you need in between with 100% consistency.
October 17, 2025 at 8:43 AM
(5/5) For Client-Side Race Conditions based on network requests, you can slow down time by holding up the Connection Pool. Then slowly release them one by one, performing any actions you need in between with 100% consistency.
and X with Ai genrated Fake Videos
October 13, 2025 at 7:16 PM
and X with Ai genrated Fake Videos
I am asking this because in context of WebWorkers the input is being passed by importScript() then there is no chance to convert any string or number into a function
August 28, 2025 at 10:04 PM
I am asking this because in context of WebWorkers the input is being passed by importScript() then there is no chance to convert any string or number into a function
May be I am wrong or my question is silly isn't prototyping would be a good idea to avoid the undeifned??
August 28, 2025 at 10:00 PM
May be I am wrong or my question is silly isn't prototyping would be a good idea to avoid the undeifned??
Reposted
Nice addition! The only one missing is let, const, class ”hoising in the temporal dead zone” 😉
on a serious note I dont think its needed. But all these snippets reminded me of my final challenge in this post joaxcar.com/blog/2023/12...
also made me realize glitch.me is gone. Need to re-host
on a serious note I dont think its needed. But all these snippets reminded me of my final challenge in this post joaxcar.com/blog/2023/12...
also made me realize glitch.me is gone. Need to re-host
Having fun with JavaScript hoisting
Writeup of three JavaScript challenges posted on Twitter during November/December of 2023
joaxcar.com
August 28, 2025 at 6:05 PM
Nice addition! The only one missing is let, const, class ”hoising in the temporal dead zone” 😉
on a serious note I dont think its needed. But all these snippets reminded me of my final challenge in this post joaxcar.com/blog/2023/12...
also made me realize glitch.me is gone. Need to re-host
on a serious note I dont think its needed. But all these snippets reminded me of my final challenge in this post joaxcar.com/blog/2023/12...
also made me realize glitch.me is gone. Need to re-host
yeah this might be browser implementations gap.Last night i played a bit :
1. importScript() send back the reource loaded data to the main Thread but the problem is how js execuation is possible in console.log("worker recvd mesg", event.data) ??:
I tried ISO-8859-1 encodes, postmessage
1. importScript() send back the reource loaded data to the main Thread but the problem is how js execuation is possible in console.log("worker recvd mesg", event.data) ??:
I tried ISO-8859-1 encodes, postmessage
event.data
August 18, 2025 at 10:16 AM
yeah this might be browser implementations gap.Last night i played a bit :
1. importScript() send back the reource loaded data to the main Thread but the problem is how js execuation is possible in console.log("worker recvd mesg", event.data) ??:
I tried ISO-8859-1 encodes, postmessage
1. importScript() send back the reource loaded data to the main Thread but the problem is how js execuation is possible in console.log("worker recvd mesg", event.data) ??:
I tried ISO-8859-1 encodes, postmessage
If one gets manage to break out then we have a worker sandbox escape issue in Firefox??
August 17, 2025 at 5:59 PM
If one gets manage to break out then we have a worker sandbox escape issue in Firefox??