Denial of service and source code exposure in React Server Components
Link: https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components
Discussion: https://news.ycombinator.com/item?id=46236924
Following #React2Shell, two new vulnerabilities were found in React Server Components: one enabling Denial of Service, another allowing source code (and hard-coded secrets) to leak!
#React #Security #vulnerability #RSC
Wake up honey new React server components CVE just dropped.
I build websites using Facebook's framework on top of Microsoft's programming language, using Apple's hardware and OS
#Technology #Mac #macOS #React #TypeScript #WebDev #IndieWeb
Denial of Service and Source Code Exposure in React Server Components
Crypto.com is hiring Senior React Native Developer - Crypto.com App
🔧 #cryptocurrency #react #reactnative #javascript #kotlin #swift #typescript #android #ios #seniorengineer
🌎 Singapore
⏰ Full-time
🏢 Crypto.com
Job details https://jobsfordevelopers.com/jobs/senior-react-native-developer-crypto-com-app-at-crypto-com-mar-7-2025-f63011?utm_source=mastodon.world&utm_medium=social&utm_campaign=posting
#jobalert #jobsearch #hiring
Hoàn thành việc tách một component React khổng lồ thành các component nhỏ, rõ ràng: Navbar (Logo, Search, NumResults), ListBox (MovieList, Movie), WatchedBox (WatchedMoviesSummary, WatchedMovieList, WatchedMovie). Cấu trúc sạch, tái sử dụng, cải thiện tư duy phát triển. #React #Component #Frontend #LậpTrình #ReactJS #phát_triển
ScreenUI ra mắt chính thức! 🚀 Thư viện UI hiện đại với hơn 15 component (Button, Accordion, Card, Toggle, File Upload, Table, Badge…) hỗ trợ TS/JS, giao diện dark/light và CLI tạo component nhanh vào dự án. Tailwind‑first, React/Next.js friendly, mã nguồn mở, không khóa vendor. Hãy thử, star và góp ý! #ScreenUI #UI #React #Nextjs #Tailwind #WebDev #CôngNghệ
Cisco posted this yesterday, if you missed it:
Critical: CVE-2025-55182: Remote Code Execution Vulnerability in React and Next.js Frameworks: December 2025 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-react-flight-TYw32Ddb @TalosSecurity #infosec #vulnerability #React
OpenIDE Pro: ответ на запросы бизнеса и разработчиков одновременно
Привет! Я Фёдор, CEO OpenIDE. За год с момента анонса OpenIDE выросла в стабильную, привычную и активно используемую IDE, которую всё чаще выбирают разработчики и компании. Мы создали её быстрой, предсказуемой и полностью доступной — и теперь готовы к следующему шагу. В этой статье — что мы сделали, зачем мы это делаем и куда дальше движется OpenIDE.
https://habr.com/ru/companies/axiomjdk/articles/972938/
#openide #openide_pro #java #go #spring #javascript #typescript #react #axiom_jdk #axiomjdk
🌕 Patterns.dev:打造高效能網路應用程式的設計模式指南
➤ 深入解析 JavaScript、React 與 Vue 的現代設計模式與效能優化策略
✤ https://www.patterns.dev/
Patterns.dev 是一個免費線上資源,專注於提供使用原生 JavaScript 或現代框架建構高效能網路應用程式的設計、渲染與效能模式。該網站深入探討了 JavaScript、React 和 Vue 的各種設計模式,涵蓋了從基礎的單例模式到進階的程式碼分割、預載、伺服器端渲染等眾多效能優化技巧。旨在幫助開發者理解並應用這些模式,以提升應用程式的架構、擴充性與使用者體驗。
+ 這個網站的內容太豐富了!從基礎到進階都有涵蓋,而且用詞淺顯易懂,非常適合我們這些正在學習的開發者。
+ 我很欣賞 Patterns.dev 對於效能優化部分的詳盡說明,特別是關於程式碼分割和預載的技巧,這對提升網站載入速度非常有幫助。
#網頁開發 #設計模式 #JavaScript #React #Vue #效能優化
Hey #Javascript folks, why does no one talking about the recent #React #CVE mentions defensive mechanisms like node's --disallow-code-generation-from-strings which from what I've seen would have prevented the RCE (there may be ways to exploit the prototype pollution but would make the attacker's job much harder).
There is also --disable-proto=delete but I don't know if it's practical.
Using Content Security Policies in the frontend is table stakes, why not also on the server?