The Hacker News

Critical AdonisJS Bodyparser Flaw (CVSS 9.2) Enables Arbitrary File Write on Servers

A critical CVSS 9.2 flaw in AdonisJS bodyparser lets attackers write arbitrary files via path traversal when uploads are misconfigured.
Ars Technica

Client-side JavaScript file processing may come via File API

A new JavaScript API aims to facilitate limited local filesystem access in Web applications. A draft that documents the new API, authored by Mozilla's Arun Ranganathan, has been submitted to the World ...
CSO Online

Critical jsPDF vulnerability enables arbitrary file read in Node.js deployments

The path traversal bug allows attackers to include arbitrary filesystem content in generated PDFs when file paths are not ...
Visual Studio Magazine

Use JavaScript Code from One File in Another File with IntelliSense

If you have a JavaScript (*.js) file containing code, it's not unusual for your code to reference code held in another JavaScript file. If you're using more recent versions of Visual Studio, you'll ...
InfoWorld

How to use FilePond with Node.js

There are numerous libraries available for the task, but FilePond is supremely easy to use and handles niceties like image optimization without extra configuration. Moreover, it gives the developer a ...
WeLiveSecurity

Gmail starts blocking JavaScript attachments: Alternative infector vectors to be expected?

As of February 13th, 2017, Gmail has started deploying their new restrictive policy on .js file attachments, extending their list of file types blocked for security reasons. After the full release, ...
CSOonline

How to block malicious JavaScript files in Windows environments

Attackers frequently send malicious JavaScript files through bogus emails. It's easy to block these files from reaching a hapless user. Here's how. There have been several recent reports of fake ...