29 Matching Annotations
  1. Apr 2021
  2. Mar 2021
    1. To put it in the language of psychology, there are limits on the number of distinct concepts which we can manipulate cognitively at any one time, and we are therefore forced, if we wish to get a view of the whole problem, to re-encode these items.
  3. Dec 2020
  4. Nov 2020
    1. If you needed a literal { character in your markup, you could always do {'{'}. (This is how it's done in React.) Or you could do &#123;, which is pleasingly easy to remember. Does there need to be some method of escaping beyond that?
  5. Oct 2020
    1. By default all content inside template strings is escaped. This is great for strings, but not ideal if you want to insert HTML that's been returned from another function (for example: a markdown renderer). Use nanohtml/raw to interpolate HTML directly.
    1. Escaping is a subset of encoding: You only encode certain characters by prefixing a special character instead of transferring (typically all or many) characters to another representation.
    1. Yet it can be deceivingly difficult to properly encode (user) input

      They were talking about output encoding but then switched to input encoding? Did they really mean to say input encoding here?

    2. When processing untrusted user input for (web) applications, filter the input, and encode the output.
    3. Encoding is dependent on the type of output - which means that for example a string, which will be used in a JavaScript variable, should be treated (encoded) differently than a string which will be used in plain HTML.
    4. Escaping is a subset of encoding, where not all characters need to be encoded. Only some characters are encoded (by using an escape character).
    5. Encoding is transforming data from one format into another format.
    6. what's the difference between escaping and encoding
  6. mdxjs.com
    1. Before MDX, some of the benefits of writing Markdown were lost when integrating with JSX. Implementations were often template string-based which required lots of escaping and cumbersome syntax.
  7. Jul 2020
  8. May 2020
    1. '

      because it's in YAML

      but this means you can't use any ' in the actual script line

      or you have to use different delimiters if you do

      bottom line is it makes it harder to write/include your script than simply creating a separate shell script file.

  9. Apr 2020
    1. What we actually want to do is to escape content if it is unsafe, but leave it unescaped if it is safe. To achieve this we can simply use SafeBuffer's concatenation behavior:
    2. Our helper still returns a safe string, but correctly escapes content if it is unsafe. Note how much more flexible our group helper has become because it now works as expected with both safe and unsafe arguments. We can now leave it up to the caller whether to mark input as safe or not, and we no longer need to make any assumptions about the safeness of content.
    3. A common mistake is to see those escaped angle brackets, and "improve" the helper by making everything html_safe:
    1. 1- Validation: you “validate”, ie deem valid or invalid, data at input time. For instance if asked for a zipcode user enters “zzz43”, that’s invalid. At this point, you can reject or… sanitize. 2- sanitization: you make data “sane” before storing it. For instance if you want a zipcode, you can remove any character that’s not [0-9] 3- escaping: at output time, you ensure data printed will never corrupt display and/or be used in an evil way (escaping HTML etc…)
  10. Jul 2019
  11. Oct 2018
  12. Sep 2016
    1. Open formats for data

      For many of the formats in this section, on most Italian portals there is very often a serious gap: the character encoding is never declared. This is a really annoying barrier. The need (I am thinking of CSV, JSON, XML, etc.) to always specify the encoding, and to prefer UTF8 wherever possible, should be stated somewhere.

  13. Jul 2016
    1. How we insist that the hateful language they hear from public figures on TV does not represent the true spirit of this country.

      This line does some work. On one level, it is red meat for colorblind white (and some non-white) liberals who require all black figures to be hopeful (I've discussed this more here: http://www.theatlantic.com/politics/archive/2015/08/between-the-world-and-me-book-club-not-trying-to-get-into-heaven/400271/).

      On another level, it is doing some inter-group communication or what Stuart Hall called encoding/decoding and what Mark Anthony Neal translates into "black code" when he talks about Hall's work through modern media cultures. Obama is signaling here that she has noted those who have directed racist, sexist, classist rhetoric at her family. She has taken note.

  14. Jun 2015
    1. This runs sharply counter to the prevailing Silicon Valley narrative, which is essentially one of technological determinism - the idea that technology drives history.