- Don't run as root.
- For sessions, set `httpOnly` (and `secure` to `true` if running over SSL) when setting cookies.
- Use Helmet for secure headers: https://github.com/evilpacket/helmet
- Enable `csrf` for preventing Cross-Site Request Forgery: http://expressjs.com/api.html#csrf
- Don't use the deprecated `bodyParser()` and only use multipart explicitly. To avoid multipart's vulnerability to 'temp file' bloat, use the `defer` property and `pipe()` the multipart upload stream to the intended destination.
// Start `node d3-server.js`
// Then visit http://localhost:1337/
//
var d3 = require('d3'),
    http = require('http')
http.createServer(function (req, res) {
  // Chrome automatically sends a request for favicons
  // Looks like https://code.google.com/p/chromium/issues/detail?id=39402 isn't
  // fixed or this is a regression.
// Includes functions for exporting active sheet or all sheets as JSON object (also Python object syntax compatible).
// Tweak the makePrettyJSON_ function to customize what kind of JSON to export.
var FORMAT_ONELINE = 'One-line';
var FORMAT_MULTILINE = 'Multi-line';
var FORMAT_PRETTY = 'Pretty';
var LANGUAGE_JS = 'JavaScript';
var LANGUAGE_PYTHON = 'Python';
Forked from: https://gist.github.com/gtb104/3667340
Here's a d3 plugin that allows you to create a polygon selection. You instantiate it just like d3.svg.brush.
var brush = d3.svg.polybrush();
It has an extra public method that 'brush' does not, and that's 'isWithinExtent(x, y)'. You can use this method to test if a given point falls within the drawn extent.
if (brush.isWithinExtent(x, y)) {
  console.log("I'm inside!");
}
In August 2007 a hacker found a way to expose the PHP source code on facebook.com. He retrieved two files and then emailed them to me, and I wrote about the issue:
http://techcrunch.com/2007/08/11/facebook-source-code-leaked/
It became a big deal:
http://www.techmeme.com/070812/p1#a070812p1
The two files are index.php (the homepage) and search.php (the search page)
I just had to set up Jenkins to use GitHub. My notes (to myself, mostly):
For setting up Jenkins to build GitHub projects. This assumes some ability to manage Jenkins, use the command line, set up a utility LDAP account, etc. Please share or improve this Gist as needed.
- get both the git and github plugin
- http://wiki.jenkins-ci.org/display/JENKINS/Git+Plugin
<!DOCTYPE html>
<title>Render Queue</title>
<style type="text/css">
html, body { background: #f7f7f7; height: 100%; margin: 0; padding: 0; color: #b6b6b6; font-family: Ubuntu, Helvetica, sans-serif; font-size: 15px; line-height: 1.35em;}
a { color: #6be; text-decoration: none; }
#canvas { position: fixed; }
#center { position: absolute; top: 0; left: 0; margin: 40px; width: 520px; padding: 20px; background: #444; background: rgba(0,0,0,0.9); border-radius: 8px;}
h1 { margin-top:0; padding: 3px 0; font-size: 1.4em; }
h1, h3 { color: #f9f9f9; border-bottom: 1px solid #333; }
h3 { font-size: 1em; }
L1 cache reference ......................... 0.5 ns
Branch mispredict ............................ 5 ns
L2 cache reference ........................... 7 ns
Mutex lock/unlock ........................... 25 ns
Main memory reference ...................... 100 ns
Compress 1K bytes with Zippy ............. 3,000 ns = 3 µs
Send 2K bytes over 1 Gbps network ....... 20,000 ns = 20 µs
SSD random read ........................ 150,000 ns = 150 µs
Read 1 MB sequentially from memory ..... 250,000 ns = 250 µs
//
// Regular Expression for URL validation
//
// Author: Diego Perini
// Created: 2010/12/05
// Updated: 2018/09/12
// License: MIT
//
// Copyright (c) 2010-2018 Diego Perini (http://www.iport.it)
//
//// setup.js -- add packages to require.paths
///
/// Manage library folders and external dependency folders in your
/// project by including setup.js in your project. Call it from the
/// beginning of your project's entry-point to adjust require.paths.
///
/// For example, if you're making an application structured like this:
///
/// README
/// app.js # main program