Application group at dayjob ran into a guardrail today.
They need an FE-generated ID token, low-security, unique in a low-volume setting. Sounds like a UUID to me!
But.
`crypto.randomUUID()`, in order to prevent low-security IDs being used where high-security is needed, is not accessible outside a secure context, and the application in question runs in an insecure context.
On the core team, our go-to “unique-enough id” is nanoid. nanoid is pretty spiffy; if available, it’ll use the browser crypto API to generate good-quality entropy and good random numbers. But! If not available, it’ll fall back, all the way to `Math.random()` if it needs to.
Secure? No! But not everything is a health info transfer; sometimes we just need a quick and handy number to tie some stuff together.
Moral of the story:
If you prevent your user (user-developer) from doing dangerous things, you’ll also prevent them from doing clever things. Document the scary bits and mark the holes, but don’t put up impassable guardrails or users will just find another way.
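A sketch of the tiered fallback described above, as an added example (not nanoid's code and not the application's): `makeId`, `makeSecureId` and the `source` label are hypothetical names. It relies on the fact that `crypto.getRandomValues()` stays available in an insecure context even though `crypto.randomUUID()` does not, and it reports which tier produced the ID so a security-relevant call site can refuse the weak one.

```javascript
// Added example: UUIDv4 generation that degrades outside a secure context.
// makeId / makeSecureId are hypothetical names for this illustration.

// Format 16 bytes as a version-4, variant-1 UUID string (RFC 4122 layout).
function bytesToUuidV4(bytes) {
  const b = Uint8Array.from(bytes);
  b[6] = (b[6] & 0x0f) | 0x40; // version nibble = 4
  b[8] = (b[8] & 0x3f) | 0x80; // variant bits = 10xx
  const hex = Array.from(b, (x) => x.toString(16).padStart(2, "0")).join("");
  return [hex.slice(0, 8), hex.slice(8, 12), hex.slice(12, 16),
          hex.slice(16, 20), hex.slice(20)].join("-");
}

// Returns { id, source } so callers and logs can see which entropy tier was used.
// cryptoObj and rng are injectable so each tier can be exercised in tests.
function makeId(cryptoObj = globalThis.crypto, rng = Math.random) {
  // Tier 1: only exposed in secure contexts (HTTPS, localhost).
  if (cryptoObj && typeof cryptoObj.randomUUID === "function") {
    return { id: cryptoObj.randomUUID(), source: "randomUUID" };
  }
  // Tier 2: getRandomValues is a CSPRNG and is exposed in insecure contexts too.
  if (cryptoObj && typeof cryptoObj.getRandomValues === "function") {
    const bytes = cryptoObj.getRandomValues(new Uint8Array(16));
    return { id: bytesToUuidV4(bytes), source: "getRandomValues" };
  }
  // Tier 3: predictable PRNG. Fine for tying UI state together, never for secrets.
  const bytes = Uint8Array.from({ length: 16 }, () => Math.floor(rng() * 256));
  return { id: bytesToUuidV4(bytes), source: "Math.random" };
}

// Guard for call sites where the value IS security-relevant (tokens, nonces).
function makeSecureId(cryptoObj = globalThis.crypto) {
  const result = makeId(cryptoObj);
  if (result.source === "Math.random") {
    throw new Error("no CSPRNG available; refusing to mint a security token");
  }
  return result.id;
}
```

Logging `source` alongside the ID is the "mark the holes" part: the weak path stays usable, but it is visible wherever the ID ends up.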
Tag: JavaScript
Full 1.0.0 release: Fedi-follow Widget
My Fedi-Follow widget is ready for a full 1.0.0 release!
The widget provides an interface for Fediverse users to easily follow or share a url from their home instance. It’s the first stage in my plan to make it easier to integrate Fediverse sharing and following into other platforms, like WordPress or other site engines.
Open-Source: Covidbot-Ontario
I built a #MastoBot to post local #Covid19 numbers. In the process, I found Ontario Public Health's data feeds and ended up building something much more generic and reusable than I initially intended. Aside from the very local hospitalization and ICU numbers from KHSC, the Ontario feeds can be filtered to be useful anywhere in the province.
MastoBot 0.1.0-2
I've published another prerelease of #MastoBot to #npm; this prerelease expands coverage of the MastoBotAPI class and significantly improves method documentation coverage.
Collect a keypress in a bash githook
After a flurry of accidental pushes direct to the main branch at work, I decided we need a technical solution. The obvious answer would be to use GitLab’s protected branches, but that’s not practical at our org. Next best: a #githook to check the branch one is committing to, and have the user confirm or cancel as the case may be.
Get a Keypress in NodeJS
This turned out to be surprisingly difficult to find an answer for; I wanted to, in a node terminal program, wait for and return a single keypress.
Mastobot Beta 0.1.0-0
I've released an initial beta of #MastoBot to #npm.
MastoBot is a #JavaScript client library for #Mastodon. It offers 3 levels of helpers to communicate with a Mastodon instance.
JavaScript Stuff
I've posted a new site section with my JavaScript/DHTML creations, such as Pong and a new one: John Conway's Game of Life.