How to check does string contain a substring in JS?

Some sophisticated tips on popular Java Script issue
07 August 2017   1329
JavaScript

JavaScript is a lightweight interpreted or JIT-compiled programming language with first-class functions

JavaScript Substring

In JavaScript, any text data is a string. There is no separate type of “symbol”, which is in other languages.

You can create string in this way:

var text = "my string";

var anotherText = 'my string 2';

var str = "012345";

In JS, there are 3 methods for taking substring, with slight differences between them: substr, substring, slice.

substring (start, end) method returns a substring from the startposition to, but not including, end.

var str = "stringify";
alert(str.substring(0,1)); // "s"

If there is no end argument, it goes to the end of the line. 

var str = "stringify";
alert(str.substring(2));

How to check, is there a substing in a string? According to Hype.Codes research, there are 6 different ways. 

1. indexOf

var string = "foo",
    substring = "oo";
string.indexOf(substring) !== -1;

String.prototype.indexOf returns the position of the string in the other string. If not found, it will return -1.

2. (ES6) includes 

var string = "foo",
    substring = "oo";
string.includes(substring);

3. search

var string = "foo",
    expr = /oo/;
string.search(expr);

4. lodash includes 

var string = "foo",
    substring = "oo";
_.includes(string, substring);

5. RegExp 

var string = "foo",
    expr = /oo/;  // no quotes here
expr.test(string);

6. Match

var string = "foo",
    expr = /oo/;
string.match(expr);

You can learn bore about stings from a video tutorial.

New Versions of Spectre Vulnerability Found

Chrome / Chromium, Edge, Safari and other browsers based on WebKit and Blink are under the thread
13 July 2018   102

The information about new vulnerabilities in the mechanism of work of processors is published. The attack is based on the principles of the Spectre operation and consists in restoring the data in the processor cache when the instructions are speculative. Chrome introduces strict isolation of sites.

How it works

Specter 1.1
It is based on the principles of the Specter 1. Unlike the previously identified vulnerability, the code is executed, not read. This causes the buffer to overflow and cache the results. This method of attacks allow to restore the contents of the cache and send information to third-party channels that analyze the access time to the cached and not pro-cached data.

Specter 1.2.
The principle of operation is similar to the execution of Spectra 1 scenarios, but memory areas with a "read only" flag are used. In doing so, Specter 1.2 only achieves the definition of pointer and metadata values ​​to bypass the constraints of sandbox environments.

Solution

The available methods for eliminating vulnerabilities require further development and modernization. One of the many scenarios involves adding LFENCE instructions to the application compilation process or at the hardware level. In addition, existing buffer overflow modes can also be an effective protection against vulnerabilities.

Browsers

Chrome / Chromium, Edge, Safari and other browsers based on WebKit and Blink are under the thread. It is based on opening a page with a decorated JavaScript code and forms in JIT the necessary set of instructions for the attacker. This code execution script allows to read the contents of the process address space and get information about stored keys and passwords.

In this regard, Google introduces strict isolation of sites for 99% of users of Chrome 67. The mechanism is to place different pages of sites in the memory of different processors using a personal safe execution environment. The introduction of the strict isolation mode will increase the processor's memory consumption by the browser by 10-13%.