3 June 2023
<iframe id="blankiframe"
title="blank iframe example"
width="0"
height="0"
sandbox="allow-scripts"

// 19 June 2023
// Terri passed away
// I got this to work
// XSLT in the browser
// 12 July 2023
// replaced DOMParser and "trusted" policy with async xhr parser
// see https://gist.github.com/dfkaye/a83f89d7496bb669570a1de207b5b8d4
// 13-14 July 2023

// 11 July 2023
// call or apply: which do I use?
// should I distinguish between a single argument vs. an array of arguments?
// I've seen code like the following too many times used to determine whether to
// use `call()` or `apply()` on a function based on the number of arguments to
// be passed into that function:
/*
```

// gist 700!
// 7 July 2023
// Using XHR to parse local HTML strings into DOM documents
// to get around "trusted HTML" and other DOMParser/innerHTML hogwash.
// 22 July 2023
// Added <img src="evil" onerror="alert('pwnd')">
// If src is blocked by CSP img-src or default-src, Firefox does not execute onerror,
// but Chrome still executes it.

// 7 July 2023
// using setHTML to get around the Trusted HTML CSP restricted apps.
// Our HTML fragment text
var source = `
<section id="x-fragment">
<fake>&& < < title</fake>
<meta charset="UTF-8">
<script>alert(1);</script>

// 21 June 2023
// poc: create a worker that enforces access by address
var source = `
self.address;
self.onmessage = function (e) {
console.warn("init");
if (e.data.action !== 'init') {

// 14 June 2023
// latest: 16 July 2023
// `touch` makes objects with dynamic access-definable pathnames,
// for potentially deep undefined object paths in JavaScript,
// using the Proxy constructor.
// So instead of optional?.chaining, we can get a proxy as with

// 14 June 2023
// an equals function for comparing two arrays in JavaScript
// how we compare two arguments for equality:
// both are arrays
// with same length
// with same items at same indexes
// why this does not exist in the JavaScript built-in space: sorting.

21 May 2023
Thinking about this for a couple weeks.
21 May 2023
Two giants. Both wrong. Tell me why.
Parnas: Software ages and decays and must be maintained, even corrected. https://www.cs.drexel.edu/~yfcai/CS451/RequiredReadings/SoftwareAging.pdf
Lamport: Software is a mathematical expression. Its correctness never changes.