Jordan Milne JordanMilne

JordanMilne / gist:6459317
Created Sep 6, 2013
Demonstrates abuse of script error handling
<script src="" onload="javascript:alert('google loaded')" onerror="javascript:alert('google failed')"></script>
<script src="" onload="javascript:alert('universe exploded')" onerror="javascript:alert('doesntexist failed to load as expected')"></script>
JordanMilne / gist:7704136
Created Nov 29, 2013
Demonstration of a RequestPolicy bypass using jar: URIs
<img src="jar:!/foobar" />
View gist:8032399
<script src="" onload="javascript:alert('google loaded')" onerror="javascript:alert('google failed')"></script>
JordanMilne / content-type.mxml
Created Jan 16, 2014
setting the Content-Type header with flash
<?xml version="1.0"?>
<s:Application xmlns:fx="" xmlns:mx="library://" xmlns:s="library://" >
public function sendStuff():void
var r:URLRequest = new URLRequest('');
r.method = 'POST'; = '{wow what a great post body}';
JordanMilne / gist:0880a229356b317f9ee0
Created Jul 7, 2014
JSON_HEX_TAGS-like functionality
>>> import simplejson
>>> print simplejson.dumps({"foo<>":"<>bar&"}, cls=simplejson.JSONEncoderForHTML)
{"foo\u003c\u003e": "\u003c\u003ebar\u0026"}
View gist:e9c6314d56e7f2fc649a
$ ./stmd --ast
str "Normal paragraph"
str "Paragraph 2"
str "foo "

Keybase proof

I hereby claim:

  • I am jordanmilne on github.
  • I am largenocream ( on keybase.
  • I have a public key whose fingerprint is D39D AEC8 56F2 2C2B A0ED BFC6 BADF 89BE FF6F 9ED3

To claim this, I am signing this object:

JordanMilne / pytaint.patch
Created Oct 21, 2014
pyenv-compatible patch for pytaint against python 2.7.5, see
From 2aea5633663dd0b91d55a80a17ad22edfb23731f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Felix=20Gr=C3=B6bert?= <>
Date: Mon, 7 Oct 2013 15:44:48 +0200
Subject: [PATCH 1/9] pytaint patch
Include/Python.h | 3 +
Include/meritobject.h | 28 +
Include/pyerrors.h | 1 +
Include/stringobject.h | 53 +-
JordanMilne / gist:04c161a5b66a087619ed
Created Oct 28, 2014
Support HTTPS forcing in PRAW 2
import praw
from functools import wraps
def init_wrapper(func):
    def func_wrapper(*args, **kwargs):
        ret = func(*args, **kwargs)
        if ret:
            ret._site_url = ret._site_url.replace('http:', 'https:')
            ret._short_domain = ret._site_url.replace('http:', 'https:')
JordanMilne /
Created Nov 4, 2014
Horrible scripts to make JD's output recompileable (for Spiral Knights, circa 2011. I'm not allowed regexes anymore.)
#find possibly broken source files that will need to be manually fixed
( \
find ../code -type f -iname "*.java" -print0 | xargs --null grep -l '// Byte code:' && \
find ../code -type f -iname "*.java" -size 0 \
) | uniq