Hong Minhee
Deno
Created by Hong Minhee on 3/20/2025 in #help
Deno `fetch()` SSRF prevention: Best practices for user-supplied URLs?
What are the best practices for preventing SSRF vulnerabilities when using the fetch() API in Deno, especially when the input URL for fetch() needs to be arbitrarily received from users? I understand that using a whitelist for allowed hosts is a good starting point, but I'm looking for a more comprehensive approach. Are there any specific Deno APIs or techniques to effectively block internal IP addresses, limit URL schemes, prevent DNS rebinding attacks, or handle redirects securely? Any example code snippets would be greatly appreciated!
1 reply
Deno
Created by Hong Minhee on 7/14/2024 in #help
How to set up VS Code with Deno workspaces
I'm trying workspaces, introduced in Deno 1.45. It works well with the deno CLI, but in VS Code, red underlines show up on import statements. (I guess this issue is relevant?) Is it a bug in Deno's LSP or my mistake? Is there any best practice for setting up VS Code with Deno workspaces?
9 replies
Deno
Created by Hong Minhee on 3/4/2024 in #help
Is there any reference manual for how doc comments are rendered on JSR or deno.land/x?
I guessed it's just TSDoc, but it turns out that it's not exactly TSDoc (e.g., @link to an instance method apparently does not work).
6 replies
Deno
Created by Hong Minhee on 1/24/2023 in #help
How can I let my program keep running even if it receives SIGINT?
I succeeded in writing a program that handles SIGINT using the Deno.addSignalListener("SIGINT", ...) API, but Deno always exits when it receives a SIGINT whether I put Deno.exit() inside the signal handler or not. [Edit: It was my mistake. Deno keeps running if a signal handler was registered.] I just want my program to reload the configuration file instead of terminating when it receives SIGINT. Is there any way to do it?
5 replies