9 articles tagged #security on hackpile.dev.
- How to Save the Brain Before You Squash the Body
Extract GPS and camera data with exifr before compression. Sanitize EXIF, store metadata in your database, not in public files.
- Presigned Uploads, the Database, and the Lifecycle
Wire the encoded variants and LQIP into object storage and a database. Presigned PUTs, per-variant retry, transactional DB writes, and orphan cleanup.
- Production Hardening
Harden your ad system for production: database indexing, Redis-backed frequency capping, rate limiting, HTML sanitisation, SSRF prevention, and GDPR compliance.
- Universal vs Server Load Functions
Learn the difference between +page.ts and +page.server.ts, when each runs, what each can access, and how to choose the right one.
- Real Authentication in SvelteKit with better-auth
Step-by-step guide to integrating better-auth in SvelteKit: setup, schema, hooks, client, and login/logout UI. No ORM required.
- {@html ...}
Master Svelte 5's `@html` tag for safe raw HTML rendering. Learn XSS prevention, DOMPurify, styling, and CMS content handling.
- Creating Empty Maps Without Properties in JavaScript
Learn when and why to use Object.create(null) for safe dictionaries in Svelte 5 and SvelteKit applications, with 8 practical examples.
- Authentication Architecture with Context
Build a runnable Svelte 5 auth system with session cookies, role-based permissions, server route guards, and context-powered access control.
- CSP Support for Hydratable
Learn how to use nonces and hashes with Svelte 5's hydratable function to secure server-rendered applications.