Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 8 years ago.
Improve this question
I am currently preparing a talk about Polymer.dart and would like to give a short introduction to dart. There is one question I would like to be prepared for:
Will there be ever a dynamic code injection via <script> for dart?
This article says that there is currently no support for this for a good reason.
However, the currently relativizes the statement a bit and I wonder if there is anything planned in the future to support dynamic code injection?
If for example the "eval" command is introduced in Dart, then the answer is YES, Dart is vulnerable to injection attacks.
Javascript is in this regard like SQL: it has the same vulnerability than all other dynamically interpreted programming languages (this includes all shell scripts, PHP...), which I call "DATA IS CODE". Such languages have a concrete syntax which is meant for human consumption and their processing entails a first step which is called PARSING: the sequence of characters is broken down into an internal structure which describes the meaning of the expression, in a way which the computer can distinguish the DATA from the INSTRUCTIONS. It is the same problem that lead to the introduction of the NX (No-eXecute) bit on modern CPUs. Functions like "eval" open the door to malicious code to be executed with no constraint. Parsing code at runtime should NEVER be allowed in a secure language.
This is why Dart doesn't recomend the use of injections, as explained here:
https://www.dartlang.org/articles/embedding-in-html/#no-script-injection-of-dart-code
"No script injection of Dart code We do not currently support or
recommend dynamically injecting a tag that loads Dart code.
Recent browser security trends, like Content Security Policy, actively
prevent this practice."
But google should do more than that, and forbid it entirely, together with the "eval" command.
It is better to direct such questions to your crystal ball ;-)
Google is very reluctant to make statements about such things.
There were discussions in the past and they considered it and they might reconsider it eventually.
Currently the only option is to launch new isolates and even this is still work in progress and has still limitations that makes this feature hard to use (no access to the browser API for client isolates for example).
I'm not sure this question can really be answered; as it's probably not been decided.
Based on what's written in that page; I think it's very unlikely (especially as other rules, like one script tag, and a single main entry point).
But as with everything, things can change!
Related
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 3 years ago.
Improve this question
I write the site parser on Python (I pull data from the pages, process it, perform various arithmetic operations that are generated with js). I use selenium + pure lxml where it is possible. But I am not happy with the performance.
I want write on the other programming language, more quickly. Only I do not know which one to choose.
Someone writes that Scala does everything, someone says that C++ (not even C), someone for Assembler, someone for Rust, Perl, PHP... In general, I'm confused ... What faster parses a dynamic site?
Assuming the pages being scraped are not in your local network (and maybe even if they are, depending on how they are generated), it's likely that the slowest part of your scrape will be waiting for the page to be sent over the network.
Since you're scraping multiple pages, the simplest way of speeding up the process is to scrape multiple pages in parallel, so that it is not necessary to wait for one page to finish before you start downloading the next one.
Any language which allows parallel processing would work, but even if the language doesn't support it, you could run several scraping processes in parallel using a standard shell.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 8 years ago.
Improve this question
EDIT:
This is a very old question, when escaped_fragment was necessary for search engines, but nowadays, search engines do understand Javascript very well, so this question becomes irrelevant.
===========
I was wondering how much SEO friendly could Polymer be.
As all the code is fully dynamic like Angular, how can the search engines pick up the information of the page? Because also doing things in Angular, I really had a hard time making it SEO friendly.
Will there be a tool to generate the escaped_fragment automatically to feed the search engines?
I guess Google may have thought of the solution, but I wasn't able to find it (even on Google).
According to the Polymer FAQ all we have is
Crawlers understand custom elements? How does SEO work?
They don’t. However, search engines have been dealing with heavy AJAX based application for some time now. Moving away from JS and being more declarative is a good thing and will generally make things better.
http://www.polymer-project.org/faq.html#seo
Not very helpful
This question has bothered me also. The polymer team has this to say about it, looks promising!
UPDATE
Also figure it's worth adding some context from the conversation on the polymer list, with some helpful information as to the status from Eric Bidelman.
Initial examination of the structure of the Polymer site suggests that it serving up static content with shadow-DOM content already inlined in the page. Each HTML file can be loaded from the server directly, via HTTP GET, and subsequent navigation uses pushState (documentation) to inject pages into the current DOM if pushState and JavaScript is supported.
It's recommended to use pushState over _escaped_fragment_, since it's slightly less messy, but you'll still need to do regular templating on the server. See The Moz Blog for more information on this.
DISCLAIMER
I may have missed or misinterpreted some things here, and this is just a quick peek at the guts of the page, but hopefully this helps.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 9 years ago.
Improve this question
Currently I am reading a book about Software Development Engineering. In the chapter one of this book it says:
Synthesis is a productivity mechanism for developing software by which the implementation is generated rather than created manually.
It confuses me and I couldn't find any clear explanation about it in the Internet.
So can anyone tell me a real world example for it in programming fields? And also if it is something like a code generator (e.g. Ruby on Rails command line for creating project directories and code files automatically); what is its difference with metaprogramming?
Thanks.
Synthesis is a productivity mechanism for developing software by which the implementation is generated rather than created manually.
This is true though this does not mention what "Synthesis in programming" really is. Programming Synthesis means dealing with the aspects of the software development process
which can, at least in principle, be automated. Its goal is to mechanically synthesize correct and efficient computer code from declarative specifications. As stated by this article.
Basically it means that you specify a specification to, for example a synthesis machine, which will generate output (code) based on the specification you gave it.
The major difference between code synthesis and code generation is that code synthesis happens at runtime.
Program synthesis is a special form of automatic programming. Automatic programming you may consider in robotics where program is written using artificial intelligence in such a way that other tasks are carried out automatically. It means if you write a code for 1+2 it will give you 3. so you do not have to write special code for 5+6 to get 11.
For more info refer http://en.wikipedia.org/wiki/Program_synthesis
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I am familiar with Perl's strong parsing abilities using regular expressions.
Is it efficient?
What other languages have strong parsing ability and perform efficiently?
You can have a look at this benchmark which shows how different programming languages perform with regards to memory consumption and speed.
SNOBOL and Icon are two other languages devoted to manipulate strings. The first one is rather old while the second is not used much.
Anyway, I would start from your problem. Depending what are you trying to achieve (and you constraints) you might discover that even AWK, sed or gema would be a perfect match for your needs. Or not ...
I would dare to say that if parsing is so prominent in your task, you might benefit from using a parser generator (lex/yacc, ANTLR, lemon, ...).
Pretty much all modern languages have regular expressions that are relatively efficient: Java, C#, PHP, Python, even Javascript (amongst others).
I would say Python.
EDIT: I came across pystring, in case you're working in C++ but seek the flexibility of Python strings.
Powerbasic is well worth checking out. They have two versions. The Console Compiler would be ideal if you do not need GUI.
It is not on the Benchmark link above but it is extremely fast. I use it extensively for writing utilities to do specialized tasks.
Most languages these days have fast regexp libraries that you can use for your purposes. Perl's strength is that these are integrated into the language itself so you can do a lot of string processing with just the language core (as opposed to say, Python where it's a separate module).
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
What issues or gotchas will I run into if I develop web applications in Lua; is there anything I should be aware of before starting?
Any experience with developing Lua web applications?
The web application framework based on Lua that gets a lot of discussion in the Lua community is the Kepler project. The Kepler team provides integration with web servers (especially Apache), a web server of their own, useful modules, and a working MVC application framework called Orbit.
Several other projects work with or on top of Kepler's foundation. A prominent one that demonstrates that Kepler can be used for real work is Sputnik, a very flexible and extensible CMS that functions as a Wiki out of the box but which can be extended to do many other things.
Speaking from personal experience, I built a control interface for an embedded system using Kepler's Lua Pages to render and process the forms and reports without much hassle as only my second or third real Lua project. That system is still in use and I would do it again.
take a look at http://openresty.com/ (nginx and lua/luajit, async)
Go ahead and give it a shot! Lua is a very nice language.
Another MVC framework based on Lua is also Luci.
Interesting concept. I think one of the things you need to consider is which webserver do you plan to use? I think the webserver support for Lua would be flaky at best, no offense to anyone involved but its just not a common web platform.
With that said, however, the Lua Libraries And Bindings lists quite a few components that you could seemingly leverage for your efforts. I looked the list over and all things common to the web are there: databases, regex, network, zip, crypto, xml, images, etc. There's even a couple of web frameworks, so perhaps this is less rare than I thought?