XSS対策としての ES6テンプレートリテラル Shibuya.XSS Yosuke HASEGAWA ES6テンプレートリテラル ES6テンプレートリテラル ❤バッククォートで囲って改行も含められ る var x = `改行も ダブルクォート「"」も シングルクォート「'」も 使えるよ!`; alert( x ); ES6テンプレートリテラル ❤ヒアドキュメントというには少し残念 ❤円記号でのエスケープが生きてる… var x = `改行も¥nバッククォート¥`も ¥¥も使えるよ!`; alert( x ); ES6テンプレートリテラル ❤リテラル内に${...}で埋め込んだ式を評価 var name = "hasegawa"; var x = `Hello, ${name}-san`; console.log( x ); // "Hello, hasegawa-san" x = `ab
タグ
- すべて
- 5G (18)
- CA (16)
- CQRS (5)
- CT (7)
- DB設計 (10)
- DDD (14)
- DNS (24)
- Firefox (24)
- H264 (5)
- HAProxy (6)
- IntersectionObserver (6)
- NSA (5)
- RDB (34)
- SIer (5)
- SNS (8)
- TURN (5)
- WAI-ARIA (11)
- WebKit (5)
- a11y (61)
- ad (7)
- agile (16)
- ajax (15)
- algorithm (10)
- amazon (5)
- amd (6)
- amp (50)
- android (7)
- angular.js (89)
- angular2 (19)
- apache (10)
- api (46)
- appengine (8)
- applicationcache (8)
- architecture (13)
- ascii (7)
- asm.js (8)
- assert (6)
- ast (16)
- async (37)
- audio (10)
- auth (8)
- await (7)
- aws (111)
- babel (12)
- backbone.js (28)
- bacon.js (7)
- bash (8)
- benchmark (22)
- bgm (14)
- bigdata (21)
- bigquery (7)
- bitcoin (12)
- blinkon7 (7)
- blog (9)
- bnf (6)
- book (17)
- bootstrap (24)
- bower (6)
- brotli (9)
- browser (42)
- browserify (14)
- c (9)
- c++ (7)
- cache (49)
- cafe (10)
- cancelable promise (8)
- canvas (5)
- capistrano (10)
- cassandra (9)
- cdn (14)
- cgo (10)
- channel (8)
- cheatsheet (5)
- chef (24)
- chrome (53)
- chromium (6)
- ci (21)
- closure (9)
- cloud (33)
- cluster (5)
- coffeescript (10)
- color (12)
- command (11)
- commonjs (5)
- community (6)
- compiler (5)
- concurrent (10)
- conference (5)
- conferenece (7)
- connect (8)
- cookie (19)
- coreos (5)
- cors (8)
- couchdb (17)
- coverage (6)
- cpu (9)
- crime (11)
- cron (7)
- cross2013 (6)
- cross2014 (13)
- crypto (15)
- csp (35)
- csrf (6)
- css (114)
- css grid (12)
- csv (7)
- curl (6)
- daemon (8)
- dart (15)
- data mining (6)
- database (35)
- date (5)
- debug (15)
- deep learning (9)
- deferred (10)
- deploy (8)
- design (37)
- design pattern (6)
- development (31)
- devops (17)
- devtools (29)
- di (7)
- diff (10)
- docker (98)
- document (9)
- dom (10)
- dtls (23)
- dynamodb (14)
- e2e (7)
- ec2 (7)
- ecmascript (11)
- edge (11)
- editor (7)
- ejs (6)
- elb (7)
- electron (33)
- elixir (11)
- elm (7)
- emacs (13)
- email (15)
- emoji (8)
- erlang (52)
- error (47)
- es5 (8)
- es6 (80)
- es7 (8)
- eslint (6)
- event (8)
- eventemitter (5)
- exception (12)
- express (27)
- extendthewebforward (13)
- facebook (10)
- fastly (5)
- fetch (23)
- flash (5)
- flexbox (11)
- flowtype (17)
- fluentd (18)
- flux (47)
- font (29)
- food (36)
- form (28)
- framework (18)
- frp (16)
- functional (19)
- gae (8)
- gc (12)
- gcp (6)
- gdb (5)
- gem (5)
- generator (12)
- gif (6)
- git (99)
- git-flow (5)
- github (53)
- gmail (5)
- gnu (5)
- golang (418)
- google (40)
- graph (11)
- graphite (5)
- graphql (16)
- grid (9)
- grpc (13)
- grunt (8)
- gulp (21)
- h2o (8)
- hadoop (30)
- hash (5)
- haskell (76)
- hbase (7)
- header (5)
- health (5)
- heroku (5)
- history (10)
- hls (9)
- houdini (13)
- hpack (5)
- hpkp (11)
- hsts (22)
- html (55)
- html imports (5)
- html5 (63)
- http (105)
- http2 (261)
- http2.0 (84)
- https (78)
- ice (7)
- icon (10)
- ie (14)
- ietf (8)
- image (23)
- immutable (5)
- import() (6)
- indexeddb (8)
- internet (7)
- io.js (7)
- iot (6)
- iphone (10)
- ipv6 (12)
- isomorphic (8)
- isucon (17)
- java (29)
- javascript (351)
- jenkins (16)
- jetty (5)
- join (5)
- joyent (7)
- jquery (31)
- jsconf (20)
- json (49)
- jsonschema (9)
- jsx (15)
- jwt (8)
- karma (7)
- kernel (6)
- keyboard (5)
- kvs (5)
- let's encrypt (22)
- leveldb (5)
- libuv (5)
- license (34)
- life (5)
- lint (9)
- linux (62)
- llvm (12)
- loadbalance (13)
- log (11)
- lua (13)
- lxc (7)
- mac (19)
- map (5)
- mapreduce (11)
- markdown (23)
- memcached (21)
- memory (15)
- meteor (11)
- microservices (14)
- mobile (7)
- mock (11)
- module (12)
- modules (58)
- monad (35)
- mongodb (54)
- monitoring (22)
- movie (7)
- mozaicfm (41)
- mozilla (11)
- mqtt (37)
- msgpack (6)
- music (38)
- mvc (25)
- mvvm (8)
- mysql (60)
- nat (6)
- netflix (5)
- network (43)
- nextwebconf (8)
- nginx (87)
- node.js (534)
- nodeconf (29)
- nodejitsu (8)
- nodejs (5)
- nosql (32)
- npm (44)
- null (5)
- oauth (21)
- observable (10)
- offline (5)
- oop (21)
- openid (19)
- openssl (27)
- operation (10)
- oracle (6)
- orm (10)
- ortc (26)
- os (6)
- oss (39)
- p2p (15)
- pagespeed (5)
- parser (9)
- password (19)
- pattern (9)
- paxos (10)
- payment (14)
- pdf (11)
- performance (286)
- phantomjs (5)
- picture (13)
- pjax (6)
- podcast (7)
- polymer (16)
- postcss (6)
- postgresql (19)
- prefetch (12)
- preload (11)
- presentation (21)
- priority (5)
- privacy (20)
- process (7)
- programming (14)
- promise (42)
- protocol (5)
- prototype (8)
- proxy (36)
- pubsub (6)
- puppet (5)
- push (21)
- pushapi (8)
- pwa (36)
- python (27)
- queue (9)
- quic (57)
- rack (6)
- rails (173)
- rails3 (27)
- rails4 (15)
- rails5 (11)
- react (205)
- react-router (6)
- reactive (34)
- realtime (8)
- redis (47)
- redux (44)
- regexp (23)
- relay (7)
- rendering (5)
- require (6)
- resize observer (7)
- rest (63)
- restful (10)
- review (16)
- rfc (10)
- riak (17)
- rspec (13)
- rss (7)
- rtp (7)
- ruby (65)
- rust (19)
- rvm (6)
- rxjs (16)
- safari (6)
- scala (8)
- scalability (24)
- scroll (14)
- sdp (5)
- search (78)
- security (439)
- selenium (19)
- semantics (9)
- seo (13)
- sequrity (8)
- server (10)
- serviceworker (91)
- session (7)
- sfu (10)
- sha1 (12)
- shadow dom (9)
- shell (24)
- slide (38)
- social game (9)
- socket (12)
- socket.io (62)
- spa (8)
- spanner (7)
- spdy (153)
- sprockets (10)
- sql (32)
- sqlinjection (8)
- srcset (9)
- sse (9)
- ssh (20)
- ssl (18)
- ssr (12)
- status code (8)
- storage (12)
- strace (6)
- stream (52)
- stun (5)
- styleguide (14)
- svc (24)
- svg (25)
- swagger (6)
- syntaxhilight (5)
- systemd (11)
- tag (5)
- tc39 (7)
- tcp (33)
- tcpfastopen (15)
- tdd (28)
- template (14)
- testing (136)
- thread (9)
- tls (100)
- tls1.3 (29)
- tmux (13)
- tool (17)
- transaction (6)
- tuning (6)
- turbolinks (6)
- tutorial (18)
- twitter (31)
- typescript (37)
- ubuntu (7)
- udp (8)
- ui (25)
- unicode (27)
- unix (7)
- url (13)
- utf8 (8)
- ux (9)
- v8 (28)
- vagrant (13)
- validation (10)
- video (6)
- vim (31)
- virtualdom (10)
- vp9 (5)
- vue.js (27)
- w3c (22)
- wasm (55)
- web (99)
- web design (5)
- web extensions (5)
- web service (15)
- webcomponents (63)
- webfont (6)
- webgl (6)
- webp (19)
- webpack (41)
- webpush (7)
- webrtc (234)
- websocket (164)
- webvr (11)
- webworker (6)
- whatwg (21)
- wifi (18)
- windows (16)
- wireshark (14)
- www (5)
- xhr2 (8)
- xss (34)
- yarn (5)
- yesod (5)
- zsh (13)
- あとで読む (285)
- お金 (22)
- その他 (8)
- まとめ (18)
- ステッカー (8)
- ツール (7)
- ネタ (29)
- ネット (13)
- ペアプロ (6)
- マイナンバー (5)
- 仕事 (9)
- 作図 (5)
- 例外 (25)
- 分散処理 (16)
- 労働 (6)
- 圏論 (5)
- 型 (6)
- 教育 (99)
- 文字コード (17)
- 文書校正 (17)
- 新人研修 (16)
- 映画 (22)
- 機械学習 (10)
- 正規化 (7)
- 画像 (15)
- 素材 (21)
- 統計 (15)
- 考え方 (185)
- 英語 (18)
- 著作権 (12)
- 設計 (11)
- 読み物 (6)
- 負荷テスト (14)
- 転職 (12)
- 面接 (6)
- node.js (534)
- security (439)
- golang (418)
- javascript (351)
- performance (286)
- あとで読む (285)
- http2 (261)
- webrtc (234)
- react (205)
- 考え方 (185)
xssとtemplateに関するJxckのブックマーク (1)
-
Jxck 2015/02/16
やるとするとこういう感じかなぁ。 http://teppeis.hatenablog.com/entry/2014/11/es6-template-literals- template
- es6
- xss
リンク -
1
公式Twitter
- @HatenaBookmark
リリース、障害情報などのサービスのお知らせ
- @hatebu
最新の人気エントリーの配信
処理を実行中です
キーボードショートカット一覧
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
設定を変更しましたx