Dougal Campbell's geek ramblings

WordPress, web development, and world domination.

Good Breakdown of Recent WordPress Vulnerability

The Sucuri Blog has a good dissection of the recent critical WordPress REST API vulnerability. I won’t rehash the details here, but I did want to point out that this is why developers should remember to follow these two rules of defensive programming:

  1. Sanitize inputs as early as possible
  2. Sanitize outputs as late as possible

In this case, there was a failure to follow the first rule. There are a couple of different places where this could have been handled better.


wkhtmltopdf

wkhtmltopdf and wkhtmltoimage are open source (LGPLv3) command line tools to render HTML into PDF and various image formats using the Qt WebKit rendering engine. These run entirely “headless” and don't require a display or display service.


Jason Client

“Jason is a scriptable iOS client that lets you view and interact with any data and any server, in any way you desire.” Basically, you feed it a JSON config file which describes a UI and data sources. The client then consumes those sources and displays them according to your UI definition. And you get access to device-native APIs, too.
