Please make sure that your file(s) referenced in bin starts with #!/usr/bin/env node, otherwise the scripts are started without the node executable!

Since looping over the positional parameters is such a common thing to do in scripts, for arg defaults to for arg in "$@". The double-quoted "$@" is special magic that causes each parameter to be used as a single word (or a single loop iteration). It's what you should be using at least 99% of the time.

Bash (like all Bourne shells) has a special syntax for referring to the list of positional parameters one at a time, and $* isn't it. Neither is $@. Both of those expand to the list of words in your script's parameters, not to each parameter as a separate word.

Instead of using a for loop, which will fail on spaces unless you redefine the IFS variable, I would recommend using a while loop combined with find.

Different ways to prepend a line: (echo 'line to prepend';cat file)|sponge file sed -i '1iline to prepend' file # GNU sed -i '' $'1i\\\nline to prepend\n' file # BSD printf %s\\n 0a 'line to prepend' . w|ed -s file perl -pi -e 'print"line to prepend\n"if$.==1' file

for cpp_file in *.cpp; do gcc -c $$cpp_file & done; wait This gives much finer control than make -j.

There is one very important reason for enabling job control to be useful inside scripts: the side-effect it has of placing background processes in their own process groups. This makes it much, much easier to send signels to them and their children with one simple command: kill -<signal> -$pgid. All other ways of dealing with signaling entire trees of processes either involve elaborate (sometimes even recursive) functions, which are often bugnests, or risk killing the parent in the process (no pun intended).

To avoid the problems with different versions of echo you may want to use printf instead. In contrast to echo printf always interprets \ sequences but doesn't automatically add a linefeed at the end so you have to append \n at the end if you want one.

In short: storing the token in HttpOnly cookies mitigates XSS being used to get the token, but opens you up to CSRF, while the reverse is true for storing the token in localStorage.

Remember that any Cross-Site Scripting (XSS) can be used to defeat all CSRF mitigation techniques!

That means if an attacker can inject some JavaScript code that runs on the web app’s domain, they can steal all the data in localStorage. The same is true for any third-party JavaScript libraries used by the web app. Indeed, any sensitive data stored in localStorage can be compromised by JavaScript. In particular, if an attacker is able to snag an API token, then they can access the API masquerading as an authenticated user.

But there’s a drawback that I didn’t like about this option: localStorage is vulnerable to Cross-site Scripting (XSS) attacks.

while (( "$#" )); do case "$1" in -a|--my-boolean-flag) MY_FLAG=0 shift ;; -b|--my-flag-with-argument) if [ -n "$2" ] && [ ${2:0:1} != "-" ]; then MY_FLAG_ARG=$2 shift 2 else echo "Error: Argument for $1 is missing" >&2 exit 1 fi ;; -*|--*=) # unsupported flags echo "Error: Unsupported flag $1" >&2 exit 1 ;; *) # preserve positional arguments PARAMS="$PARAMS $1" shift ;; esacdone# set positional arguments in their proper placeeval set -- "$PARAMS"

As a general rule: You should quote everything (that may be quoted).

For filter-branch, using pipelines like git ls-files | grep -v ... | xargs -r git rm might be a reasonable workaround but can get unwieldy and isn't as straightforward for users; plus those commands are often operating-system specific (can you spot the GNUism in the snippet I provided?)

the majority of XSS attacks target theft of session cookies. A server could help mitigate this issue by setting the HttpOnly flag on a cookie it creates, indicating the cookie should not be accessible on the client.

Cross-site scripting (XSS) vulnerabilities (even in other applications running on the same domain) allow attackers to bypass essentially all CSRF preventions.

$ ./my_script Will end up in STDOUT(terminal) and /var/log/messages $ tail -n1 /var/log/messages Sep 23 15:54:03 wks056 my_script_tag[11644]: Will end up in STDOUT(terminal) and /var/log/messages

exec &> >(tee -a "$log_file")

exec &> >(tee -a "$log_file") echo "This will be logged to the file and to the screen" $log_file will contain the output of the script and any subprocesses, and the output will also be printed to the screen.

Write stderr and stdout to a file, display stderr on screen (on stdout) exec 2> >(tee -a -i "$HOME/somefile.log") exec >> "$HOME/somefile.log" Useful for crons, so you can receive errors (and only errors) by mail

I just wanted to point out that the syntax is not supported by the POSIX standard and thus won't universally work in /bin/sh scripts (many people erroneously use bash syntax in /bin/sh scripts)

exec > >(tee "$HOME/somefile.log") 2>&1

unbuffer connects to a command via a pseudo-terminal (pty), which makes the system treat it as an interactive process, therefore not using any stdout buffering.

What is the equivalent of unbuffer program on Windows?

#!/bin/sh # -*- tcl -*- # The next line is executed by /bin/sh, but not tcl \ exec tclsh "$0" ${1+"$@"}

unbuffer is actually just an expect script that comes with expect

When you have a pipeline, unbuffer must be applied to each element except the last (since that doesn't have its output redirected). Example: unbuffer p1 | unbuffer p2 | unbuffer p3 | p4

unbuffer disables the output buffering that occurs when program output is redirected. For example, suppose you are watching the output from a fifo by running it through od and then more.    od -c /tmp/fifo | more You will not see anything until a full page of output has been produced. You can disable this automatic buffering as follows:    unbuffer od -c /tmp/fifo | more

because while dealing with interactive programs one often come across numerous hidden traps which doesn’t usually happen with ordinary sh-scripts. Though fortunately or may be not, but most of these problems generally turn up within first five minutes of the work under the script. The symptoms typically look like that author can’t pass the authentication from the script.

now I'll tell you what really takes place when we start interactive applications from shell scripts

But in all this incongruous abundance you'll certanly find the links to expect It's just what is wanted: the tool, which is traditionally used to communicate automatically with interactive programs. And as it always occurs, there is unfortunately a little fault in it: expect needs the programming language TCL to be present. Nevertheless if it doesn't discourage you to install and learn one more, though very powerful language, then you can stop your search, because expect and TCL with or without TK have everything and even more for you to write scripts.

among these scripts there certainly will be those to cooperate with interactive applications such as telnet, ftp, su, password, ssh

As a result of all this in a couple of weeks I had a working version of empty (http://www.sourceforge.net/projects/empty) which allows to start interactive programs and communicate with them using FIFO-files

In this framework, a stream is a chain of coroutines that pass messages between a program and a device driver (or between a pair of programs)

empty is an utility that provides an interface to execute and/or interact with processes under pseudo-terminal sessions (PTYs). This tool is definitely useful in programming of shell scripts designed to communicate with interactive programs like telnet, ssh, ftp, etc.

can be easily invoked directly from shell prompt or script

#!/bin/sh
empty -f -i in -o out telnet foo.bar.com
empty -w -i out -o in "ogin:" "luser\n"

#!/usr/bin/expect

spawn telnet foo.bar.com 
expect ogin {send luser\r}

does not use TCL, Perl, PHP, Python or anything else as an underlying language is written entirely in C has small and simple source code can easily be ported to almost all UNIX-like systems

xargs -i sh -c 'test -f {} && echo {}'

If a program receives file names as arguments, don't join them with spaces. Use "$@" to access them one by one.

you can use "${@:1}" instead of shift, but that requires bash instead of sh in your #! shebang. IMHO your original shift approach is simpler and better

Given the deskopen script, you can use a reference to it as the shebang line in a .desktop file

Now this probably won't make difference in the real world (e.g. because the exit codes are not portable and on top of that not always unambiguous as discussed in Default exit code when process is terminated?)

In any case signal handling in shells is one of the least reliable and portable aspects. You'll find behaviours vary greatly between shells and often between different versions of a same shell. Be prepared for some serious hair pulling and head scratching if you're going to try to do anything non-trivial.

The parentheses always start a subshell. What's happening is that bash detects that sleep 5 is the last command executed by that subshell, so it calls exec instead of fork+exec. The sleep command replaces the subshell in the same process.

if the process does not react on a normal kill, you may want to add an additional kill -9 a few seconds afterwards.

IFRAME element may be a security risk if any page on your site contains an XSS vulnerability which can be exploited

${JSON.stringify(state)}

XSS mitigation

Never use x && y || z when y can return a non-zero exit status.

yell() { echo "$0: $*" >&2; } die() { yell "$*"; exit 111; } try() { "$@" || die "cannot $*"; }

If it's closing the "window" likely you're putting the exit # command inside a function, not a script. (In which case use return # instead.)

Bash (like all Bourne shells) has a special syntax for referring to the list of positional parameters one at a time, and $* isn't it. Neither is $@. Both of those expand to the list of words in your script's parameters, not to each parameter as a separate word.

However, this construct is not completely equivalent to if ... fi in the general case.

The potential problem: if second_task fails, third_task will not run, and execution will continue to the next line of code - next_task, in this example. This may be exactly the behavior you want. Alternatively, you may be intending that if second_task fails, the script should immediately exit with its error code. In this case, the best choice is to use a block - i.e., curly braces: first_task && { second_task third_task } next_task Because we are using the -e option, if second_task fails, the script immediately exits.

When people write COND && COMMAND, typically they mean "if COND succeeds (or is boolean true), then execute COMMAND. Regardless, proceed to the next line of the script." It's a very convenient shorthand for a full "if/then/fi" clause.

[[ -z "$a" || -z "$b" ]] && usage

It starts truncating it's output (shortening strings with ...) once you pipe it's output into grep. That is quite unacceptable. When I am checking if something is inhibited in a script, I should have all possible information available and not have to consider if a string will get truncated when being piped into a tool, that is perfectly readable on a wide terminal.

An even more general version that allows using find options:

{ read foo ; read filesystem size using avail prct mountpoint ; } < <(df -k /)

I have used this bash one-liner before set -- "${@:1:$(($#-1))}" It sets the argument list to the current argument list, less the last argument.

Scripts In addition to plug-ins, which are programs written in the C language, GIMP can also make use of scripts. The largest number of existing scripts are written in a language called Script-Fu, which is unique to GIMP (for those who care, it is a dialect of the Lisp-like language called Scheme). It is also possible to write GIMP scripts in Python or Perl. These languages are more flexible and powerful than Script-Fu; their disadvantage is that they depend on software that does not automatically come packaged with GIMP, so they are not guaranteed to work correctly in every GIMP installation.

Invert the exit code of a process. Make 0 into 1 and everything else into a 0. An alternative to ! some-command syntax present in some shells.

And I continue to tell people: Friends don't let friends write bash script.

\curl

As for exec, I am just using it because it makes sense to run the final command in the same process, replacing the wrapper script instead of spawning a new process. It's not strictly necessary.

100% VimL compatibility - we may not support all features of VimL plugins / configuration.

A shell script is a file of executable commands that has been stored in a text file. When the file is run, each command is executed.

I don't know what then, I just remember somehow. Around the same time I install renoise, I also install vim. Then in renoise I go to Help>Show Preferences Folder.... Then I right click on Config.xml, then edit in VIM. Then I /search for showscr or something like that. Change false into true, done. On windows sometimes I'm lazy and I just modify the one shortcut that I use to have --scripting-terminal or something as an argument. Also: if you really do a lot of (re)installs I would advise to back up your Config.xml anyway, just like the KeyBindings.xml, TemplateSong.xrns, etc, it'll save you a lot of time right?

In my opinion one of the key properties of a scripting language is not to be found in the language itself, but rather the tools that are used to deploy it. Traditionally a script in Perl or Python can just be run, without explicitly invoking a complex compilation and linkage script.