Don't do this at home

davepeck · davepeck · commit 7609a2f20f22 · 2025-05-12T18:12:54.000-07:00
diff --git a/slides.md b/slides.md
@@ -210,16 +210,21 @@ backgroundSize: contain
 <div class="smaller">
 ````md magic-move
 ```python314
-def get_user(name):
-	# Here be dragons
-	return f"SELECT * FROM users WHERE name = '{name}'"
+def get_query(name):
+	return f"SELECT * FROM students WHERE name = '{name}'"
 ```
 ```python314
-def get_user_query(name):
-	# Here be dragons
-	return f"SELECT * FROM users WHERE name = '{name}'"
+def get_query(name):
+	return f"SELECT * FROM students WHERE name = '{name}'"
 
-get_user_query("Robert'); DROP TABLE Students;--")
+get_query("Robert'); DROP TABLE Students;--")
+```
+```python314
+def get_query(name):
+	return f"SELECT * FROM students WHERE name = '{name}'"
+
+query = get_query("Robert'); DROP TABLE Students;--")
+execute(query)  # ☠️
 ```
 ````
 </div>
@@ -232,15 +237,21 @@ get_user_query("Robert'); DROP TABLE Students;--")
 ````md magic-move
 ```python314
 def render_user(name):
-	# Here be dragons
 	return f"<div class='user'>{name}</div>"
 ```
 ```python314
 def render_user(name):
-	# Here be dragons
 	return f"<div class='user'>{name}</div>"
 
 render_user("<script>alert('Owned!')</script>")
 ```
+```python314
+def render_user(name):
+	return f"<div class='user'>{name}</div>"
+
+@get("/user/:name")
+def user(name: str):
+	return render_user(name)  # 🙈🙊🙉
+```
 ````
 </div>
diff --git a/style.css b/style.css
@@ -24,7 +24,7 @@ strong {
 }
 
 .smaller .shiki {
-	font-size: 1.5em !important;
+	font-size: 1.3333em !important;
 }
 
 @font-face {

Original file line number	Diff line number	Diff line change
`@@ -24,7 +24,7 @@ strong {`
`24`	`24`	`}`
`25`	`25`
`26`	`26`	`.smaller .shiki {`
`27`		`- font-size: 1.5em !important;`
	`27`	`+ font-size: 1.3333em !important;`
`28`	`28`	`}`
`29`	`29`
`30`	`30`	`@font-face {`