Frontend Scrapbook

Notes that make a difference

Author: admin

Managing state in pure React

By admin on Tue Aug 18 2020

State can take different forms. Model data: nouns in the application. View/UI state: are the data sorted in some order? Session state: is the user even logged in? Communication: the process of fetching the nouns from the server. Location: where are we in the application? This boils down to Model state ( […]

Revert a merge commit which is already pushed to remote

By admin on Tue Aug 18 2020

git checkout feature/dev
git reset <commit-hash> (the hash of the commit just before the merge commit)
git status (shows all the changes that were part of the merged/wrong commit)
git reset --hard (discards all those changes)
git push -f origin feature/dev (-f force-pushes the branch to remote. Note that the […]

Man-In-the-Middle attacks, HTTPS, HTTPS downgrade and HPKP

By admin on Mon Aug 17 2020

In 1994, Netscape invents and implements SSL, and HTTPS on top of it. In 1999, the IETF adopts SSL 3.1, known as TLS 1.0. In 2008, TLS 1.2 (SSL 3.3). Cryptography involves two types of encryption. Symmetric encryption (locking a file with a password – where the same password is used to lock and unlock […]

Securing 3rd party scripts

By admin on Mon Aug 17 2020

Recommendations are: reproducible builds, with a lockfile; use LTS versions where you care less about bleeding-edge features; tests that assert only expected requests are sent out; use Subresource Integrity attributes on script and link tags: <script integrity="sha256-oqVuAP" crossorigin="anonymous" src="core.js"></script>. crossorigin="anonymous" means do not send cookies with the request. The hash value is generated from the […]

Clickjacking

By admin on Mon Aug 17 2020

It’s a UI redress attack. It can be used to capture keystrokes as well. It makes use of iframes positioned on top of the UI and hidden, thereby giving the user an illusion and tricking them into performing an action such as a click. Stopping clickjacking: the X-Frame-Options HTTP response header. X-Frame-Options: DENY; X-Frame-Options: SAMEORIGIN; X-Frame-Options: ALLOW-FROM […]

CSRF

By admin on Sun Aug 16 2020

Takes advantage of the fact that cookies (or basic authentication credentials) are passed along with requests. <img src='http://bank.com/transfers?from=12&to=18&amount=100' /> The URL above performs a GET request that changes state, which is one of several reasons to align with REST conventions. HTML forms are another vector, which can be hidden in a landing page and […]

XSS

By admin on Sun Aug 16 2020

An injection attack that allows an attacker to read data, or perform operations on the user’s behalf. There are 4 types of cross-site scripting attacks. Stored XSS – e.g. a script being stored in the database. Reflected XSS – a transient response (a validation error, for example) from the server causes the script to execute. DOM based – […]

Tail call optimization ( TCO ) & Trampoline

By admin on Sat Jun 13 2020

TCO allows recursive functions to reuse the stack frame instead of creating new frames on every call. New stack frames are created when there is more work to do after the call returns (adding to the sum variable after sumRecursive returns on every call). The idea is to avoid adding to the return value of the call to sumRecursive once […]

Partial application vs Currying

By admin on Sat Jun 13 2020

Partial application and currying are two different techniques for specializing generalized functions. The above example is a partial application over the function ‘add’. It takes some parameters ‘now’ and the rest ‘later’. Currying, on the other hand, assumes every given input is ONE of the inputs to the function and returns a function which can be […]

Referential transparency

By admin on Sat Jun 13 2020

Function purity is determined by its referential transparency, i.e. the ability to replace the function call with its return value. This improves readability of the code. As in the above example, it is guaranteed that the call to function x will always produce 11. We then call such a function a pure function in functional programming. Referential transparency […]