M ABD AZIZ ALFIAN aalfiann

## minify_page.php
    /** To use minify with ob_start just put at the top of your page
     * Warning:
     * - This function still not support to remove any comments in javascript
     * - Minifying on buffering will take so much memory and it not recomended for high traffic
     */
    function sanitize_output($buffer) {

        $search = array(
            // Minify HTML
            '/\>[^\S ]+/s',                                 // strip whitespaces after tags, except space [^1]

## proxy_curl.php
<?php

print get_file('http://www.google.com');

function get_file($url) {

  $curl = curl_init();
  $options = default_ops(array(CURLOPT_URL => $url));
  curl_setopt_array($curl, $options);
  $output = curl_exec($curl);

## Preg_match.php
<?php
echo preg_replace('#<a.*?>([^>]*)</a>#i', '$1', $str);
?>


## sharing_memory.html

<!DOCTYPE html>
<html>
	<head>
		<title>Sharing memoryStorage between tabs for secure multi-tab authentication</title>
	</head>
	<body>
		<h3><a href=''>memoryStorage</a></h3>
		<h3 id="stData"></h3>
		<button id="btnSet">Set memory storage</button>

## gist:c0cbb90b8cbdd7845da0359245bdbdb1
TL;DR - jump to the challenge at the end

====ON BLOCKING EVIL BOTS=====
On a resent job interview I had for "Incapsula" a few days ago I was put to the challenge to break
their bot protection mechanism. Apparently node.js is not that common among bot writes and most bots
are not able to run javascript.
The challenge had two parts -
1. find what the code does.
2. implement a bot that will break the code without using js.
3. think how to make this code unbreakable

## simple_encrypt.js
var key = "SXGWLZPDOKFIVUHJYTQBNMACERxswgzldpkoifuvjhtybqmncare";
// matches ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ

function encodeStr(uncoded) {
  uncoded = uncoded.toUpperCase().replace(/^\s+|\s+$/g,"");
  var coded = "";
  var chr;
  for (var i = uncoded.length - 1; i >= 0; i--) {
    chr = uncoded.charCodeAt(i);
    coded += (chr >= 65 && chr <= 90) ?

## .gitignore
/cache/

## global-debugger.js
/**
 * Global debugger class
 * @param states = debugger will run if states is set to true
 * @param klass = classical interface to prototypal inheritance
 */
var Debugger = function(states, klass) {

  this.debug = {}

  if (states && klass.isDebug) {

## fullscreen_api.js
/* Request Fullscreen on spesific element */
  function requestFullScreen(element) {
    // Supports most browsers and their versions.
    var requestMethod = element.requestFullScreen || element.webkitRequestFullScreen || element.mozRequestFullScreen || element.msRequestFullScreen;
    if (requestMethod) { // Native full screen.
      requestMethod.call(element);
    } else if (typeof window.ActiveXObject !== "undefined") { // Older IE.
      var wscript = new ActiveXObject("WScript.Shell");
      if (wscript !== null) {
        wscript.SendKeys("{F11}");

## multiple-acao-htaccess.txt
<IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule . index.php [L]
	SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
</IfModule>

<IfModule mod_headers.c>
	# Example multiple Access Control Allow Origin (ACAO)
	/** To use minify with ob_start just put at the top of your page
	* Warning:
	* - This function still not support to remove any comments in javascript
	* - Minifying on buffering will take so much memory and it not recomended for high traffic
	*/
	function sanitize_output($buffer) {

	$search = array(
	// Minify HTML
	'/\>[^\S ]+/s', // strip whitespaces after tags, except space [^1]
	<?php

	print get_file('http://www.google.com');

	function get_file($url) {

	$curl = curl_init();
	$options = default_ops(array(CURLOPT_URL => $url));
	curl_setopt_array($curl, $options);
	$output = curl_exec($curl);
	<?php
	echo preg_replace('#<a.?>([^>])</a>#i', '$1', $str);
	?>

	<!DOCTYPE html>
	<html>
	<head>
	<title>Sharing memoryStorage between tabs for secure multi-tab authentication</title>
	</head>
	<body>
	<h3><a href=''>memoryStorage</a></h3>
	<h3 id="stData"></h3>
	<button id="btnSet">Set memory storage</button>
	TL;DR - jump to the challenge at the end

	====ON BLOCKING EVIL BOTS=====
	On a resent job interview I had for "Incapsula" a few days ago I was put to the challenge to break
	their bot protection mechanism. Apparently node.js is not that common among bot writes and most bots
	are not able to run javascript.
	The challenge had two parts -
	1. find what the code does.
	2. implement a bot that will break the code without using js.
	3. think how to make this code unbreakable
	var key = "SXGWLZPDOKFIVUHJYTQBNMACERxswgzldpkoifuvjhtybqmncare";
	// matches ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ

	function encodeStr(uncoded) {
	uncoded = uncoded.toUpperCase().replace(/^\s+\|\s+$/g,"");
	var coded = "";
	var chr;
	for (var i = uncoded.length - 1; i >= 0; i--) {
	chr = uncoded.charCodeAt(i);
	coded += (chr >= 65 && chr <= 90) ?
	/**
	* Global debugger class
	* @param states = debugger will run if states is set to true
	* @param klass = classical interface to prototypal inheritance
	*/
	var Debugger = function(states, klass) {

	this.debug = {}

	if (states && klass.isDebug) {
	/* Request Fullscreen on spesific element */
	function requestFullScreen(element) {
	// Supports most browsers and their versions.
	var requestMethod = element.requestFullScreen \|\| element.webkitRequestFullScreen \|\| element.mozRequestFullScreen \|\| element.msRequestFullScreen;
	if (requestMethod) { // Native full screen.
	requestMethod.call(element);
	} else if (typeof window.ActiveXObject !== "undefined") { // Older IE.
	var wscript = new ActiveXObject("WScript.Shell");
	if (wscript !== null) {
	wscript.SendKeys("{F11}");
	<IfModule mod_rewrite.c>
	RewriteEngine on
	RewriteCond %{REQUEST_FILENAME} !-d
	RewriteCond %{REQUEST_FILENAME} !-f
	RewriteRule . index.php [L]
	SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
	</IfModule>

	<IfModule mod_headers.c>
	# Example multiple Access Control Allow Origin (ACAO)