I want to make a button in HTML that would do the equivalent of entering a specific command into the Chrome console. How would you go about doing this?
Before you read this know that: Using such methods and specially eval() ARE NOT recommended at all due to a massive range of huge problems including major security holes and performance issues (please read everything wrong with eval and eval docs as well). therefore please consider other methods or share more details so we may suggest better solutions.
For your case most of the codes should be executable with the example below and the output will be shown in console. (document.querySelector('botton') can be replaced with your desired code)
function exec(code){
console.log(Function(`return (${code})`)())
}
<button onclick="exec(`document.querySelector('button')`)">Test</button>
As far as I know the code above is extremely vulnerable
Related
One common use-case while writing documentation is to have examples of command output. Some tools also product ANSI (colored) output, so there is a real need to show output using their original colors.
Still I was not able to get command output into code blocks in mkdocs, something that worked quite fine with Sphinx via command-output extension.
Any idea on how this can be achieved? I really want to avoid the screenshot route.
Putting aside the security implications of running a script someone gives me, how can I tell, in advance, that the script requires a certain number of arguments? Without reading the code.
If someone just gives me a script, is there a way to know that it takes 4 arguments or whatever the case may be?
I guess I am looking for a best practices answer. I am obviously not a developer and just curious as to how some things are done.
What kind of script you want to know ? Shell or Windows Batch or Ruby or Python ?
For scripts in Python, It's impossible to know the number of arguments without reading the code. In Python, we can pass any arguments into Python script. The script determines whether to use them.
It's expected etiquette that the script's author(s) provide documentation describing some or all of: the script's purpose, expected arguments and operational modes.
Some scripts generate an abbreviated usage message (listing accepted arguments) when run with an appropriate help switch, eg theScript -h, theScript --help or theScript /?.
Scripts that form part of an installable tool, package or application may have an associated "manpage" (man theScript) or published documentation, eg hypertext pages, text files, printed manuals or pages on the Internet. Such documentation might be found by browsing the filesystem / Start menu (Windows) / provided materials and original installation media or by searching the Web.
Of course, this applies only by convention; generally there is no contract that is enforced on the script by a computer system. If someone is "giving you a script" (of questionable origin) then none of the above is guaranteed.
If you expressly receive a script (containing text readable in an editor and not binary gibberish) then the contents might include a section of prose containing useful information without your resorting to reading and understanding the "code".
I'm currently modifying a script used to backup cisco ACE modules' contexts & crypto files. it works absolutely beautifully with one device. however, when i use it on another module, it seems to go completely out of sync and it messes up the script.
From what I can see, the differences are in the presence of a line that the ACE module throws up as so: Warning: Permanently added '[x.x.x.x]' (RSA) to the list of known hosts.\r\r\n this just seems to throw the rest of the script off, even though none of my expect statements are even looking for this!
I've had nothing but nightmares with expect and the way in which it interprets information from ace modules; can anyone shed any light on this issue or provide any advice as to how to make these devices behave when I try to script for them?
If you're handling one connection at a time, you should make sure you fully terminate one before opening the next. The simplest way of doing that is to put:
close
wait
At the end of the (foreach) loop over the things to connect to.
If you were doing multiple connections at once, you'd have to take care to use the -i option to various commands (notably expect, send and close) and make everything work right in addition to fixing the things I mentioned earlier. It can be done, but it's considerably more tricky and not worth it if you don't need the parallelism.
I'm wrapping a C++ library in PHP using SWIG and there have been some occasions where I want to modify the generated code (both generated C++ and PHP):
Fix code-generation errors
Add code that makes sense in PHP, but not in C++ (e.g. type checking)
Add documentation tags (e.g. phpDoc)
I'm currently automating these modifications with patch. This approach works, but it seems high-maintenance and fragile. Is there a better way of doing this?
The best bet is to have your code generator generate correct code for your needs. Hand-tweaking generated output is unsustainable. You'll have to tweak it again any time the input changes.
If a tool is producing flatly erroneous output, it's ideal to repair it and submit patches back to the maintainer. If the output is correct for some circumstances but wrong for yours, I'd suggest to add an option that changes the behavior to what you need.
Sometimes, you can use a short program that automatically does an intelligent job of patching your generated code, so that you don't need a manual process to make patches.
Alternatively, you could write your own code generator, but I suspect that's much more work than you want. It also depends on what you're doing. Sometimes code-generation is really just macro-expansion, and there are plenty of good tools for that in the wild.
Good luck!
You may end up having a maintenance nightmare later on. Instead of SWIG you might consider using another generative approach that:
Let you add your custom code directly on the model (so that you won't need to add it post-generation)
Let you define your own generator. This feature alone could take out the need to add custom code all along.
The problem of using third-party generators is that they never really generate what you want. The problem of writing your own code generators is that it's much more work. You choose.
But correcting an automation with another automation...
Code generation is quite a wide topic and there are definitely many other approaches, which might be more interresting to you as mentioned above.
But if you do not want to use other tool, depending on what code is generated and on the PHP OO capabilities, you might use the Generation Gap pattern.
Do you use the debugger of the language that you work in to step through code to understand what the code is doing, or do you find it easy to look at code written by someone else to figure out what is going on? I am talking about code written in C#, but it could be any language.
I use the unit tests for this.
Yes, but generally only to investigate bugs that prove resistant to other methods.
I write embedded software, so running a debugger normally involves having to physically plug a debug module into the PCB under test, add/remove links, solder on a debug socket (if not already present), etc - hence why I try to avoid it if possible. Also, some older debugger hardware/software can be a bit flaky.
I will for particularly complex sections of code, but I hope that generally my fellow developers would have written code that is clear enough to follow without it.
Depending on who wrote the code, even a debugger doesn't help to understand how it works: I have a co-worker who prides himself on being able to get as much as possible done in every single line of code. This can lead to code that is often hard to read, let alone understand what it does in the long run.
Personally I always hope to find code as readable as the code I try to write.
I will mostly use debugger to setup breakpoints on exceptions.
That way I can execute any test or unit test I wrote, and still be able to be right where the code fails if any exception should occur.
I won't say I used all the time, but I do use it fairly often. The domain I work in is automation and controls. You often need the debugger to see the various internal states of the system. It is usually difficult to impossible to determine these simply from looking at code.
Yes, but only as a last resort when there's no unit test coverage and the code is particularly hard to follow. Using the debugger to step through code is a time consuming process and one I don't find too fun. I tend to find myself using this technique a lot when trying to follow VBA code.