File tree Expand file tree Collapse file tree 3 files changed +68
-2
lines changed Expand file tree Collapse file tree 3 files changed +68
-2
lines changed Original file line number Diff line number Diff line change @@ -148,7 +148,10 @@ str(t"Please be a string!")
148148# Processing templates
149149
150150<div v-click >
151- <p >Given a <code >Template</code >, you can write or call <strong >custom code</strong > to:</p >
151+ <p >Templates are <strong >normal</strong > Python objects</p >
152+ </div >
153+ <div v-click >
154+ <p >You can write or call code to:</p >
152155</div >
153156<div v-click >
154157<p >&ndash ; Turn them into a <code >str</code ></p >
@@ -188,9 +191,56 @@ image: /assets/img/f-strings-dangerous.png
188191backgroundSize: contain
189192---
190193
191- # F-strings get ** misused** :
194+ # F-strings are frequently ** misused** :
192195
193196&ndash ; Injection vulns
194197
198+ ---
199+ layout: image
200+ image: /assets/img/bobby-tables-from-xkcd-by-randall-munroe.png
201+ backgroundSize: contain
202+ ---
203+
204+ <div class =" bottom-out " ><center ><p >(with apologies to randall munroe)</p ></center ></div >
205+
206+ ---
195207
208+ # Bobby Tables
196209
210+ <div class =" smaller " >
211+ ```` md magic-move
212+ ```python314
213+ def get_user(name):
214+ # Here be dragons
215+ return f"SELECT * FROM users WHERE name = '{name}'"
216+ ```
217+ ```python314
218+ def get_user_query(name):
219+ # Here be dragons
220+ return f"SELECT * FROM users WHERE name = '{name}'"
221+
222+ get_user_query("Robert'); DROP TABLE Students;--")
223+ ```
224+ ````
225+ </div >
226+
227+ ---
228+
229+ # Bobby HTML-bles
230+
231+ <div class =" smaller " >
232+ ```` md magic-move
233+ ```python314
234+ def render_user(name):
235+ # Here be dragons
236+ return f"<div class='user'>{name}</div>"
237+ ```
238+ ```python314
239+ def render_user(name):
240+ # Here be dragons
241+ return f"<div class='user'>{name}</div>"
242+
243+ render_user("<script>alert('Owned!')</script>")
244+ ```
245+ ````
246+ </div >
Original file line number Diff line number Diff line change @@ -23,6 +23,10 @@ strong {
2323 margin-bottom : 0.25em ;
2424}
2525
26+ .smaller .shiki {
27+ font-size : 1.5em !important ;
28+ }
29+
2630@font-face {
2731 font-family : "apex-predator" ;
2832 src : url ("./fonts/ap-400.woff2" ) format ("woff2" ), url ("./fonts/ap-400.woff" ) format ("woff" ),
@@ -107,6 +111,18 @@ strong {
107111 opacity : 0.75 ;
108112 }
109113
114+ .bottom-out {
115+ font-size : 0.5em ;
116+ position : absolute;
117+ display : flex;
118+ width : 100% ;
119+ padding-right : 6.5em ;
120+ /* i literally have no idea why 6.5em works but let's move on */
121+ align-content : center;
122+ justify-content : center;
123+ bottom : 0 ;
124+ }
125+
110126 li ,
111127 ol {
112128 font-size : 2.666em ;
You can’t perform that action at this time.
0 commit comments