Removing Constant Type Parameters

Removing Constant Type Parameters

I have an apply function of type apply[F,A,B](A => F[B]). I have a function T[C,B] where C is constant. Is there an idiomatic way to make T'[B] = T[C,B] so that I can use apply[T',A,B]? Is there a shortcut instead of just defining a new type?

Submitted February 21, 2018 at 09:23AM by averagecomment
via reddit

PSA: Keylogging with CSS (relevant to Scala.js UI libraries)

PSA: Keylogging with CSS (relevant to Scala.js UI libraries)

The problem:

Essentially, some libraries like React don't differentiate between DOM properties and DOM attributes, so when you say e.g. value := "myPassword", "myPassword" is put into the value attribute, which is 1) largely pointless, and 2) apparently dangerous because DOM attribute values can be read with a clever CSS injection, no JS injection required.

The github link demonstrates a Chrome extension stealing password from Instagram's login page with just CSS, which is not something you expect to be possible.

Scala.js libraries and interfaces to JS libraries are probably as vulnerable as JS libraries.

The way to solve this on a library level is not only to differentiate between DOM attributes and properties, but also to be aware of reflected attributes to keep usage simple for your users. Reflected attributes are attributes like "title" for which there is a property with exactly the same name ("title") that also behaves exactly the same. You don't want your library's users to have to think if they should use title the property or title the attribute, because there is no difference.

But you do want to offer them to set either value the property or value the attribute, because "value" is not a reflected attribute. The attribute behaves differently than the prop, more like defaultValue (only has effect if the user didn't edit the input field), and such a more proper name makes it obvious that you shouldn't write your password (or any input in response to user's actions, really) into defaultValue.

See Reflected Attributes section in Scala DOM Types docs for a less hurried explanation and links to more info. And yes, shameless plug – you definitely should use Scala DOM Types to provide DOM typings for your Scala.js UI library, for this and other reasons. It's already used by Outwatch and by Laminar.

While we're here, for another DOM vulnerability that is often glanced over, I present to you the good old rel := noopener.

Sigh. Isn't this frontend world just wonderful? 🙂

Submitted February 21, 2018 at 06:56AM by silentraquo
via reddit

Unexpected result

Unexpected result

package com.foobar abstract class Parent{ def initData():Unit def getData():String initData() val myData = getData() System.out.println(s"myData $myData") } class Weird extends Parent{ var data:String = null override def initData(): Unit = { data = System.currentTimeMillis().toString } override def getData():String = { data } } object Weird extends App{ val weird = new Weird() System.out.println(s"this data: ${weird.getData()}") } 

If you run this program what would "this data:".. be?

I get null. Can someone explain why?

Submitted February 21, 2018 at 05:37AM by blyxa
via reddit