Joe Merante's Blog

(This was written and first published elsewhere in June 2020) Below are some resources that have been useful as I've been exploring the relationship between privacy by design and engineering.

(This was written and first published elsewhere in June 2020) The example below comes from a May 2020 workshop on using CodeQL. To set up CodeQL, you import code into a database to run queries against using the CodeQL language. The results of queries can be viewed inside Visual Studio Code. More resources here . The snippet below checks for potentially unsafe input to $ in jQuery plugins. In the older version of Bootstrap examined in the workshop, an xss vulnerability existed because the library didn't check whether actual DOM elements were being passed to $ , creating an xss sink. For example, when .text() is called in code like $(options.textSrcSelector).text() , an unsafe string passed to $ could be executed by jQuery. The workshop repo suggests one better way to refactor the code. The from/where/select syntax is a little SQL-y, you import javascript to get the autocomplete goodies in VS Code, use classes and predicates to organize and reuse code. Note that = is equalit

(This was written and first published elsewhere in June 2020) A few years ago I got really into d3.js while working on some front end-heavy projects, and still love to see the awesome work shared by its community. (Observable notebooks are 😻)

(This was written and first published elsewhere in June 2020) This concept comes from a book I really enjoyed reading last year, Secure by Design . The authors suggest using a "read-once object" to represent sensitive values to avoid unintentional use or data leakage.