Tag javascript

 Note

Fun JS bug of the day introduced by a linting change, that lost me a good amount of time trying to work out what was going wrong:

-  const tokenSet = await client.oauthCallback(redirect, params, { code_verifier });
+  const tokenSet = await client.oauthCallback(redirect, params, { codeVerifier })
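Review bot: the rename on the `+` line changes the key of the options object in the third argument, not only a local variable name. `{ code_verifier }` is shorthand for `{ code_verifier: code_verifier }`, so rewriting it as `{ codeVerifier }` builds an object whose only key is `codeVerifier`, and the call no longer passes a `code_verifier` property at all. Rename the variable but keep the key explicit: `{ code_verifier: codeVerifier }`.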

Silently changed the meaning of the code here, and needed to be fixed with:

-  const tokenSet = await client.oauthCallback(redirect, params, { codeVerifier }).catch((err) => {
+  const tokenSet = await client.oauthCallback(redirect, params, { code_verifier: codeVerifier }).catch((err) => {
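Review bot: `code_verifier: codeVerifier` on the `+` line restores the key, but nothing here tells the next reader or the next lint pass why the snake_case key has to stay. Add a short comment that `code_verifier` is the option name `oauthCallback` reads, and exempt property names from the naming rule so this line is not flagged again (if the linter is ESLint, the `camelcase` rule's `properties: "never"` option does that). A test asserting that the options object passed to `oauthCallback` contains `code_verifier` would catch a repeat of the regression.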

Funnily enough, I've had this lead to dangerous logging in the past, but didn't spot this at first. That'll teach me!

 Like

Liked a post on Twitter

 Bookmark

A very interesting attack - having tested a few editors with colleagues, none of us could've caught it without spotting that there's a slightly wider character in a couple of places!

Recommended read: The Invisible JavaScript Backdoor – Certitude Blog https://certitude.consulting/blog/en/invisible-backdoor/

 Bookmark

This is a brilliant talk about the quirks of JavaScript, from a number of years ago.

Although it's fun to hate on JavaScript, it can also be seen about other languages.

Definitely worth a watch if you've never seen it before, or are working with JavaScript and want to have to think very hard about what the language does.

Recommended read: Wat https://www.destroyallsoftware.com/talks/wat