373: Script Injection with Cloudflare Workers

Posted on by Mark Feehily0

This week Shaw and Chris dig into some deepnerd tech stuff: manipulating HTML. In a perfect world, perhaps we wouldn’t need to, but today, and even moreso in the foreseeable future of CodePen, we need to do a smidge of HTML manipulation on the HTML that you write or that is generated by code you write on CodePen. A tiny example is removing the autofocus attribute when a Pen in shown in a grid view <iframe>. A more significant example is that we need to inject some of our own JavaScript into your Pen, to power features of CodePen itself, like the console, which receives information from your rendered page (like logs, errors, etc) and can push commands to execute as well.

So how do we inject a <script> into absolutely 100% arbitrary HTML? Well, it’s tricky. We’re starting to do it with Cloudflare Workers and the HTMLRewriter stuff they can do. Even then, it’s not particularly easy, with lots of edge cases. Thank gosh for Miniflare for the ability to work on this stuff locally and write tests for it.

Time Jumps

00:22 Let’s talk Messing with HTML

03:07 Reasons for messing with HTML

05:48 How and when to inject a script

10:14 Where we show your profile page

14:17 Using Cloudflare workers

18:52 Testing

The post 373: Script Injection with Cloudflare Workers appeared first on CodePen Blog.

Flatlogic Admin Templates banner

.NET Framework October 2021 Security and Quality Rollup

Posted on by 0

Yesterday, we released the October 2021 Security and Quality Rollup for .NET Framework.

Security

The October Security and Quality Rollup does not contain any new security fixes. See February 2021 Security and Quality Rollup for the latest security updates.

Quality and Reliability

This release contains the following quality and reliability improvements.

CLR1

Addresses a performance issue caused by incorrect configuration in the GC.

The existing memory pressure algorithm used in the GC.AddMemoryPressure API is triggering induced GC too aggressively. This update provides an alternative algorithm that is less aggressive. An application can opt into the new algorithm, by setting:COMPlus_GCNewMemoryPressure environment variable to 1This is applicable for any application that use the GC.AddMemoryPressure API.

1 Common Language Runtime (CLR)

Getting the Update

The Security and Quality Rollup is available via Windows Update, Windows Server Update Services, and Microsoft Update Catalog.

Microsoft Update Catalog

You can get the update via the Microsoft Update Catalog. For Windows 10, NET Framework 4.8 updates are available via Windows Update, Windows Server Update Services, Microsoft Update Catalog. Updates for other versions of .NET Framework are part of the Windows 10 Monthly Cumulative Update.

**Note**: Customers that rely on Windows Update and Windows Server Update Services will automatically receive the .NET Framework version-specific updates. Advanced system administrators can also take use of the below direct Microsoft Update Catalog download links to .NET Framework-specific updates. Before applying these updates, please ensure that you carefully review the .NET Framework version applicability, to ensure that you only install updates on systems where they apply.

The following table is for Windows 10 and Windows Server 2016 and newer versions.

Product Version
Cumulative Update

Windows 11

.NET Framework 3.5, 4.8
Catalog
5005537

Microsoft server operating systems version 21H2

.NET Framework 3.5, 4.8
Catalog
5005538

Windows 10 21H1

.NET Framework 3.5, 4.8
Catalog
5005539

Windows 10, version 20H2 and Windows Server, version 20H2

.NET Framework 3.5, 4.8
Catalog
5005539

Windows 10 2004 and Windows Server, version 2004

.NET Framework 3.5, 4.8
Catalog
5005539

Windows 10 1909

.NET Framework 3.5, 4.8
Catalog
5005541

Windows 10 1809 (October 2018 Update) and Windows Server 2019

5006765

.NET Framework 3.5, 4.7.2
Catalog
5005543

.NET Framework 3.5, 4.8
Catalog
5005540

Windows 10 1607 (Anniversary Update) and Windows Server 2016

.NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2
Catalog
5006669

.NET Framework 4.8
Catalog
5006065

 

The following table is for earlier Windows and Windows Server versions.

Product Version
Security and Quality Rollup

Windows 8.1, Windows RT 8.1 and Windows Server 2012 R2

5006763

.NET Framework 3.5
Catalog
4578953

.NET Framework 4.5.2
Catalog
4578956

.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2
Catalog
5006064

.NET Framework 4.8
Catalog
5006067

Windows Server 2012

5006762

.NET Framework 3.5
Catalog
4578950

.NET Framework 4.5.2
Catalog
4578954

.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2
Catalog
5006063

.NET Framework 4.8
Catalog
5006066

Windows 7 SP1 and Windows Server 2008 R2 SP1

5006761

.NET Framework 3.5.1
Catalog
4578952

.NET Framework 4.5.2
Catalog
4578955

.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2
Catalog
5006061

.NET Framework 4.8
Catalog
5006060

Windows Server 2008

5006764

.NET Framework 2.0, 3.0
Catalog
4578951

.NET Framework 4.5.2
Catalog
4578955

.NET Framework 4.6
Catalog
5006061

 

Previous Monthly Rollups

The last few .NET Framework Monthly updates are listed below for your convenience:

.NET Framework August 2021 Security and Quality Rollup
.NET Framework July 2021 Cumulative Update Preview
.NET Framework July 2021 Security and Quality Rollup
.NET Framework June 2021 Cumulative Update Preview

The post .NET Framework October 2021 Security and Quality Rollup appeared first on .NET Blog.