Are Javascript closures a useful technique to limit exposing data to XSS?

I’m wondering if using Javascript closures is a useful technique to limit exposing data to XSS? I realize it wouldn’t prevent an attack, but would it reliably make an attack more difficult to execute, or would it only make my code more irritating to write and read (a waste of time)?

I got the idea from the Auth0 documentation regarding storing OAuth/OIDC tokens. It reads:

Auth0 recommends storing tokens in browser memory as the most secure option. Using Web Workers to handle the transmission and storage of tokens is the best way to protect the tokens, as Web Workers run in a separate global scope than the rest of the application. Use Auth0 SPA SDK whose default storage option is in-memory storage leveraging Web Workers.

If you cannot use Web Workers, Auth0 recommends as an alternative that you use JavaScript closures to emulate private methods.

I can see how this is better than just putting the token or other sensitive information in localstorage. In localstorage an XSS attack needs only to execute localStorage.token to get the token.

Now, if you’re not familiar with tokens just apply this reasoning to any sensitive to information. In my case I want to build a client-side cache mapping user IDs to usernames for an administrative interface, but I realize that client IDs and usernames are somewhat sensitive, so I wondered if I could “hide” the data.

javascript – Erro ao tentar abrir arquivo em tempo de execução com PHP

Sou iniciante em PHP e recentemente recebi e instalei os códigos de um aplicativo que funciona perfeitamente via WEB para eu rodar localmente.

Tive sucesso na instalação do XAMPP, na importação e configuração do BD e também ao rodar a aplicação, aparentemente funcionando perfeitamente, então, ao testar as funcionalidades eu fiz o upload de arquivos com sucesso, porém ao tentar abri-los surge este erro:

Sorry, the page you are looking for could not be found

Caminho e arquivo que são apresentados no navegador (errado):

…/public/storage/uploads/classes_uploads/upload_fileArquivo.pdf

Caminho dos arquivos que estão salvos no meu PC (correto):

…storageapppublicuploadsclasses_uploads

O ajuste em config.fs apontando o localhost está correto, a aplicação é executada localmente.

Não consegui localizar o arquivo que está direcionando a leitura para outro local.

Por favor, alguém pode me ajudar com isso?

javascript – FancyBox with Slick slider issue

I added fancybox and slick slider and its working perfectly but there is 1 problem that i cannot resolve when you slide images inside fancybox lets say you have 2 images in the slider then you clicked on images to view other images in fancybox slide when you scroll over 2 more images and goes to the 3rd images then you close the fancybox slide it reset width and height of slick slider images and it goes half of the image for example image number 1 goes 50% and number 2 images goes full width and height and image number 3 goes 50% width also.

here is my code :

HTML

<div class="slide-images">

<div><a data-fancybox="gallery" href="Image/image1.jpg"><img src="Image/image1"></a></div>
<div><a data-fancybox="gallery" href="Image/image2.jpg"><img src="Image/image2"></a></div>
<div><a data-fancybox="gallery" href="Image/image3.jpg"><img src="Image/image3"></a></div>
<div><a data-fancybox="gallery" href="Image/image4.jpg"><img src="Image/image4"></a></div>
<div><a data-fancybox="gallery" href="Image/image5.jpg"><img src="Image/image5"></a></div>
<div><a data-fancybox="gallery" href="Image/image6.jpg"><img src="Image/image6"></a></div>
<div><a data-fancybox="gallery" href="Image/image7.jpg"><img src="Image/image7"></a></div>
<div><a data-fancybox="gallery" href="Image/image8.jpg"><img src="Image/image8"></a></div>

</div>

JavaScript

$('.slide-images').slick({
    dots: false,
    infinite: true,
    slidesToShow : 2,
    slidesToScroll:2,
    nextArrow : '<button><i class="fas fa-arrow-square-right"></i></button>',
    prevArrow : '<button><i class="fas fa-arrow-square-left"></i></button>',
  });

Images of what i get :

Image 1

Image 2

Image 3

javascript – In regards to real time turn based games, where should the turn handler be?

I’m currently developing a pool-like browser game. I’m stuck on where should I handle the turn changing, timer, etc.

Currently, turn timer (i.e. 15 seconds left to do action, then turn will change) is handled by the server. But the changing of turns itself is handled by the client (the browser itself).

Now in my current setup, whenever a player leaves window focus, the game gets out of sync. Should I migrate the turn change handling to the server instead?

javascript – RangeError: Invalid time value

Não estou entendendo o motivo do erro pois estou copiando o mesmo codigo que ja fiz, mas porem o que notei é que não está aceitando a variável que tem a data. Projeto feito me react e typescript

{Intl.DateTimeFormat('pt-BR', { timeZone: 'UTC' , year: 'numeric', month: 'numeric', day: 'numeric'}).format( new Date(data.day))}

O data.day tem o valor de 2020-07-09, e da o seguinte erro

RangeError: Invalid time value
Detail
C:/Users/XX/Desktop/XX/XX/frontend/src/pages/Detail/index.tsx:115
  112 | <div className="group-description">
  113 |     <div className="description">
  114 |         <span>Dia da pedalada: 
  > 115 |             {Intl.DateTimeFormat('pt-BR', { timeZone: 'UTC' , year: 'numeric', month: 'numeric', day: 'numeric'}).format( new Date(data.day))}
  | ^  116 |         </span>
 117 |     </div>

PS: o XX dos arquivos é so pra esconder o caminho

No funciona la test de expresiones regulares en javascript

Tengo

        function validarconexpresionesregulares() {

        var re = new RegExp("((mailto:|(news|(ht|f)tp(s?))://){1}S+)");
        var cadena="http://";
        if (re.test(cadena)) {
                subcadena = ' contiene ';
            } else {
                subcadena = ' no contiene ';
            }     }

No ejecuta el script, se salta la pregunta test.

Sin embargo, si tengo

        function validarconexpresionesregulares() {

        var re = new RegExp("((mailto:|(news|(ht|f)tp(s?))://){1}S+)");
        var cadena="http://";
        alert(re.test(cadena))      }

Me lo ejecuta, aunque me da false el test.

¿Qué puede ser?

Muchas gracias.

javascript – Circle around link on hover

I’m having troubles figuring how to make a circle doodle(like a hand drawn sketch) appear on a link when hovered. In a perfect world it should be an animated svg path, but at this point just to appear works for me. Here is what exactly I’m trying to achieve:

enter image description here

I’ve tried with background-image set to opacity:0 and when hover on opacity:1, but the issue is that when the link is longer the background image doesn’t cover it all. Also I’ve tried with borders, but then I can’t add a custom border shape, to look like a circle sketch you do with a pen.

Here is an example I found online: click here , the “Circle Me” example, under “Highlighted headlines”

I hope that this all makes sense,
Thank you!

post – ¿Como se envía un objeto javascript { } a un servidor?, sin convertirlo en json

envió al servidor por medio del método post
comúnmente se suele transformar un objeto javascript a json para que el servidor pueda manejarlo pero eso no me interesa he investigado sobre formData y eso esta bien pero alguien sabe si específicamente se puede enviar al servidor un objeto javascript asumiendo que el servidor pueda manejarlo.

javascript – How can I ensure that our RSS feed contains all changed nodes?

I am far from an expert in this area so excuse me if I do not use the correct terminology.

I want to create an RSS feed containing nodes that do not get updated directly. They use D3.js javascript scripts that references files which are used to create the charts. I update the files daily by uploading them to the host. I store the new file names in blocks which are included in the relevant nodes.

Is this possible? Do I need to update the Updated date and if so is there a way to do this without editing each node?

Existe "inline functions" en JavaScript o react-native(componente) que paresca o sea igual a "inline functions" de Matlab?

f=inline("x^2+2*x+1");// en matlab 
f(3)// esto retornaria 16 

En JavaScript o un componente que haga eso en react native?????