Posts in:

JavaScript

Etherpad reflected file download: Vulnerability hunting with QL (CVE-2018-6835)

This blog post explains how QL can be used to discover so-called 'Reflected File Download' vulnerabilities in JavaScript applications. As an example, we look at CVE-2018-6835 which we recently found in the Etherpad collaborative editor.

TypeScript support on LGTM

LGTM now supports TypeScript as part of its existing JavaScript analysis.

January 26, 2018

Lodash vs Underscore: Dash of the titans

Lodash and Underscore are both prominent members of the top-10 of most-used JavaScript packages. This blog post investigates the popular belief that Lodash is becoming more popular at the expense of Underscore, and explores what could be behind the r…

October 26, 2017

Browse all tags