Leon Si leonsilicon

My Security Conclusions

I've been thinking about security in my apps, and unfortunately there's a ton of conflicting advice on the Internet about security, so I need to write out my conclusions in one place so I don't have to end up going through the security-googling spiral again every time I need to implement security for my app.

Based on what I've read, security on the web is founded on the idea that the user's webpage could be compromised at any time, and there are certain steps you can take to prevent the user from falling victim to a successful XSS attack. One of these precautions is a cookie.

Cookies

Based on my understanding, the security of cookies come from the guarantees enforced by the browser: that httpOnly cookies can't be accessed and changed from JavaScript, thus becoming safe from an XSS attack. In theory, you could create a browser that doesn't obey these rules, but this wouldn't be an issue because nobody (except you) would be using these browsers. This also holds true for other

Keybase proof

I hereby claim:

I am leonzalion on github.
I am leonzalion (https://keybase.io/leonzalion) on keybase.
I have a public key ASCGfadAzcyW0S1ee6toMAw9kvpbq4i7WmmJ3PPIYvG-oAo

To claim this, I am signing this object:

	<!DOCTYPE html>
	<html lang="en">
	<head>
	<meta charset="UTF-8" />
	<link rel="icon" href="/favicon.ico" />
	<meta name="viewport" content="width=device-width, initial-scale=1.0" />
	</head>
	<body>
	<div id="app"></div>
	<script type="module" src="/src/main.ts"></script>

	<!DOCTYPE html>
	<html>
	<head>
	<script>
	sessionStorage.redirect = location.href;
	const projectPages = true; // If you're using the base .github.io domain without a path (i.e. <name>.github.io is your home page), set this to false
	const l = window.location;
	const repo = projectPages ? '/' + l.pathname.split('/')[1] : '';
	l.replace(
	l.protocol + '//' + l.hostname + (l.port ? ':' + l.port : '') + repo

	TypeScript 26 hrs 28 mins █████████▊░░░░░░░░░░░ 46.7%
	Vue.js 7 hrs 53 mins ██▉░░░░░░░░░░░░░░░░░░ 13.9%
	TOML 5 hrs 31 mins ██░░░░░░░░░░░░░░░░░░░ 9.7%
	Rust 3 hrs 43 mins █▍░░░░░░░░░░░░░░░░░░░ 6.6%
	C++ 3 hrs 10 mins █▏░░░░░░░░░░░░░░░░░░░ 5.6%

	/*
	Instructions:
	Go onto typeracer.com and press the `My Scores` tab
	Then go to https://code.jquery.com/jquery-3.5.1.slim.min.js and copy paste the code into the console
	Then copy paste this code into the console
	Wait a few minutes (depending on how many races you did)
	At the end, it should output your race data. If not, type `statsString` into the console
	*/

	var statsString = '';

	#ifdef ONLINE_JUDGE
	#include <bits/stdc++.h>
	using namespace std;
	// Shortening STL container's member functions' names
	#define R(f,t)template<typename...S>inline auto t(S&&...a)->decltype(this->f(forward<S>(a)...)){return this->f(forward<S>(a)...);}
	#define alias(f,t) using t = f;
	#define t_alias(f, t) template<typename ...T> using t = f<T...>;
	#define iterator_aliases R(begin,b);R(end,e);R(rbegin,rb);R(rend,re);R(cbegin,cb);R(cend,ce);R(crbegin,crb);R(crend,cre);
	#define unordered_aliases R(find,f);R(count,c);R(emplace,m);R(insert,i);R(erase,er);R(clear,cl);
	#define ordered_aliases unordered_aliases;R(lower_bound,lb);R(upper_bound,ub);R(equal_range,eqr);

	// View the application in action at the following link: https://docs.google.com/spreadsheets/d/1N69GtA6hKS8vg77rJm-12OJihQihVyvWPkg6ZFk827U

	function rescueTime() {
	// Returns the date formatted in the form YYYY-MM-DD
	function formatDate(d) {
	return d.getFullYear() + "-" + ("0"+(d.getMonth()+1)).slice(-2) + "-" + ("0" + d.getDate()).slice(-2);
	}

	// Returns the time (in seconds) formatted in the form [hours]h [minutes]m
	function formatTime(t) {