What's wrong with this JavaScript setTimeout zero delay?
What's wrong with this JavaScript setTimeout zero delay not running first. The JavaScript code uses setTimeout 0 to defer but microtasks run first. In JavaScript the order of async work can surprise you.
#whatswrongwiththisjavascriptcode #javascriptbug #javascriptproductionbug #javascriptdebugging #javascriptbackend #javascriptcodereview #javascriptsecurity #javascriptperformance #javascrip...
Why does this JavaScript gzip handler crash servers?
Why does this JavaScript gzip handler crash servers on small inputs. The JavaScript code inflates compressed data without size limits, so a tiny payload can explode memory. In JavaScript webhooks this becomes a denial of service.
#whatswrongwiththisjavascriptcode #javascriptbug #javascriptproductionbug #javascriptdebugging #javascriptbackend #javascriptcodereview #javascriptsecurity #javascript...
Why does this JavaScript Proxy trap missing?
Why does this JavaScript Proxy trap missing for operation. The JavaScript code uses Proxy but does not trap all operations. In JavaScript some property access bypasses the proxy.
#whatswrongwiththisjavascriptcode #javascriptbug #javascriptproductionbug #javascriptdebugging #javascriptbackend #javascriptcodereview #javascriptsecurity #javascriptperformance #javascriptreliability #javascriptapi #javascri...
Why does this JavaScript indexOf with NaN always returns -1?
Why does this JavaScript indexOf with NaN always returns -1. The JavaScript code uses indexOf to find a calculation result. In JavaScript indexOf uses strict equality and NaN never equals itself.
#whatswrongwiththisjavascriptcode #javascriptbug #javascriptproductionbug #javascriptdebugging #javascriptbackend #javascriptcodereview #javascriptsecurity #javascriptperformance #javascriptrel...
What's wrong with this JavaScript destructure undefined?
What's wrong with this JavaScript destructure undefined throwing. The JavaScript code destructures a possibly undefined response. In JavaScript destructuring undefined throws and crashes.
#whatswrongwiththisjavascriptcode #javascriptbug #javascriptproductionbug #javascriptdebugging #javascriptbackend #javascriptcodereview #javascriptsecurity #javascriptperformance #javascriptreliability #ja...
What's wrong with this JavaScript Array reverse mutates?
What's wrong with this JavaScript Array reverse mutates in place. The JavaScript code reverses an array and passes it on. In JavaScript reverse mutates the original and corrupts the source.
#whatswrongwiththisjavascriptcode #javascriptbug #javascriptproductionbug #javascriptdebugging #javascriptbackend #javascriptcodereview #javascriptsecurity #javascriptperformance #javascriptreliability #...
Why does this JavaScript new Date parse wrong?
Why does this JavaScript new Date parse wrong across timezones. The JavaScript code passes a date string without timezone. In JavaScript the parser interprets it as local and shifts hours for users.
#whatswrongwiththisjavascriptcode #javascriptbug #javascriptproductionbug #javascriptdebugging #javascriptbackend #javascriptcodereview #javascriptsecurity #javascriptperformance #javascriptreliability #j...
What's wrong with this JavaScript spread shallow copy?
What's wrong with this JavaScript spread shallow copy in state update. The JavaScript code uses spread to clone state. In JavaScript nested objects are still shared and mutations leak.
#whatswrongwiththisjavascriptcode #javascriptbug #javascriptproductionbug #javascriptdebugging #javascriptbackend #javascriptcodereview #javascriptsecurity #javascriptperformance #javascriptreliability #javascr...
Why does this JavaScript eval in JSON parse?
Why does this JavaScript eval in JSON parse allowing code execution. The JavaScript code uses eval or Function to parse JSON. In JavaScript this executes any code in the string.
#whatswrongwiththisjavascriptcode #javascriptbug #javascriptproductionbug #javascriptdebugging #javascriptbackend #javascriptcodereview #javascriptsecurity #javascriptperformance #javascriptreliability #javascriptapi #javascrip...
Why does this JavaScript replace only change the first match?
Why does this JavaScript replace only change the first match in a sanitizer. The JavaScript code uses replace without the global flag. In JavaScript only the first occurrence is replaced and the rest remain.
#whatswrongwiththisjavascriptcode #javascriptbug #javascriptproductionbug #javascriptdebugging #javascriptbackend #javascriptcodereview #javascriptsecurity #javascriptperformance #...
What's wrong with this JavaScript worker ack?
What's wrong with this JavaScript worker ack in a queue. The JavaScript code acknowledges the message before the database commit, so failures lose data permanently. In JavaScript pipelines this creates silent gaps.
#whatswrongwiththisjavascriptcode #javascriptbug #javascriptproductionbug #javascriptdebugging #javascriptbackend #javascriptcodereview #javascriptsecurity #javascriptperformance #javascrip...
What's wrong with this JavaScript URL fetch?
What's wrong with this JavaScript URL fetch in production. The JavaScript code fetches a user supplied URL without validation, enabling SSRF to internal services. In JavaScript backends this exposes secrets.
#whatswrongwiththisjavascriptcode #javascriptbug #javascriptproductionbug #javascriptdebugging #javascriptbackend #javascriptcodereview #javascriptsecurity #javascriptperformance #javascriptreliabi...
Why does this JavaScript filter return wrong type?
Why does this JavaScript filter return wrong type in a search. The JavaScript code uses filter and assumes results match the predicate. In JavaScript sparse arrays or holes can produce unexpected length.
#whatswrongwiththisjavascriptcode #javascriptbug #javascriptproductionbug #javascriptdebugging #javascriptbackend #javascriptcodereview #javascriptsecurity #javascriptperformance #javascriptrelia...
Why does this JavaScript addEventListener stacking?
Why does this JavaScript addEventListener stacking without remove. The JavaScript code adds a listener on each render. In JavaScript listeners accumulate and fire multiple times.
#whatswrongwiththisjavascriptcode #javascriptbug #javascriptproductionbug #javascriptdebugging #javascriptbackend #javascriptcodereview #javascriptsecurity #javascriptperformance #javascriptreliability #javascriptapi #j...
Why does this JavaScript reduce crash on empty array?
Why does this JavaScript reduce crash on empty array in aggregation. The JavaScript code calls reduce without an initial value. In JavaScript when the array is empty it throws. In JavaScript dashboards empty states break the app.
#whatswrongwiththisjavascriptcode #javascriptbug #javascriptproductionbug #javascriptdebugging #javascriptbackend #javascriptcodereview #javascriptsecurity #javascrip...
What's wrong with this JavaScript Object freeze shallow?
What's wrong with this JavaScript Object freeze shallow in config. The JavaScript code freezes the top level object. In JavaScript nested objects stay mutable and can still be modified.
#whatswrongwiththisjavascriptcode #javascriptbug #javascriptproductionbug #javascriptdebugging #javascriptbackend #javascriptcodereview #javascriptsecurity #javascriptperformance #javascriptreliability #java...
Why does this JavaScript money math drift?
Why does this JavaScript money math drift in billing. The JavaScript code uses floats for currency and rounds at the end, which creates silent cents errors. In JavaScript finance systems this causes reconciliation mismatches.
#whatswrongwiththisjavascriptcode #javascriptbug #javascriptproductionbug #javascriptdebugging #javascriptbackend #javascriptcodereview #javascriptsecurity #javascriptperformance #j...
What's wrong with this JavaScript regex?
What's wrong with this JavaScript regex in validation. The JavaScript pattern has catastrophic backtracking, so a single input can hang a worker. In JavaScript APIs this becomes a denial of service.
#whatswrongwiththisjavascriptcode #javascriptbug #javascriptproductionbug #javascriptdebugging #javascriptbackend #javascriptcodereview #javascriptsecurity #javascriptperformance #javascriptreliability #javascr...
Why does this JavaScript Symbol not equal itself?
Why does this JavaScript Symbol not equal itself in a cache. The JavaScript code uses Symbol as a unique key. In JavaScript Symbol creates new identity every call so the same key never matches.
#whatswrongwiththisjavascriptcode #javascriptbug #javascriptproductionbug #javascriptdebugging #javascriptbackend #javascriptcodereview #javascriptsecurity #javascriptperformance #javascriptreliability #jav...
Why does this JavaScript innerHTML XSS?
Why does this JavaScript innerHTML XSS from user content. The JavaScript code assigns user input to innerHTML. In JavaScript this executes any script in the string.
#whatswrongwiththisjavascriptcode #javascriptbug #javascriptproductionbug #javascriptdebugging #javascriptbackend #javascriptcodereview #javascriptsecurity #javascriptperformance #javascriptreliability #javascriptapi #javascriptengineering #java...
