29 Matching Annotations
  1. Last 7 days
    1. Especially when rollup is configured with multiple outputs, I find this particular onwarn to be helpful in reducing warning clutter. It just displays each circular reference once and doesn't repeat the warning for each output:
    2. I think my personal preference would be to see them all at once. Or maybe limit it to up to 10 messages and then list the count of how many more messages were not displayed.
    3. Another thing we could do to limit output would be to only ever show the first circular dependency warning. I think we already do this for other types of warnings. Then you would need to tackle the warnings one-by-one, though.
  2. Oct 2020
    1. Yet it can be deceivingly difficult to properly encode (user) input

      They were talking about output encoding but then switched to input encoding? Did they really mean to say input encoding here?

    2. When processing untrusted user input for (web) applications, filter the input, and encode the output.
    3. Encoding is dependent on the type of output - which means that for example a string, which will be used in a JavaScript variable, should be treated (encoded) differently than a string which will be used in plain HTML.
  3. Sep 2020
  4. Aug 2020
  5. Jul 2020
  6. May 2020
  7. Apr 2020
    1. What we actually want to do is to escape content if it is unsafe, but leave it unescaped if it is safe. To achieve this we can simply use SafeBuffer's concatenation behavior:
    2. Our helper still returns a safe string, but correctly escapes content if it is unsafe. Note how much more flexible our group helper has become because it now works as expected with both safe and unsafe arguments. We can now leave it up to the caller whether to mark input as safe or not, and we no longer need to make any assumptions about the safeness of content.
    3. A common mistake is to see those escaped angle brackets, and "improve" the helper by making everything html_safe:
    4. 1- Validation: you “validate”, i.e. deem valid or invalid, data at input time. For instance, if asked for a zipcode the user enters “zzz43”, that’s invalid. At this point, you can reject or… sanitize.
       2- Sanitization: you make data “sane” before storing it. For instance, if you want a zipcode, you can remove any character that’s not [0-9].
       3- Escaping: at output time, you ensure data printed will never corrupt display and/or be used in an evil way (escaping HTML etc…).
  8. Feb 2018
  9. Oct 2016
    1. Previously, intensity-dependent metabolic changes have been found with positron emission tomography and blood oxygen level dependent magnetic resonance imaging after TMS to motor/prefrontal cortex; bilateral motor/prefrontal and auditory activation is induced, which becomes stronger with increasing pulse intensity [Bohning et al.,1999,2000; Fox et al.,1997; Nahas et al.,2001; Siebner et al.,1999; Speer et al.,2003]. However, these results are not directly comparable with our EEG findings. Arising a few seconds poststimulus, metabolic changes reflect relatively long-lasting activity of interconnected neuronal networks, whereas we were interested in the TMS-evoked events that occurred within a fraction of a second.