I hereby claim:
- I am airdisa on github.
- I am airdisa (https://keybase.io/airdisa) on keybase.
- I have a public key ASBI4SmDK2uIT5qpmTjWEBtY8cP19pnVt8usAJeQDxWb-Ao
To claim this, I am signing this object:
xcrun swift -sdk /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer/SDKs/iPhoneSimulator.sdk
" A minimal vimrc for new vim users to start with.
"
" Referenced here: http://www.benorenstein.com/blog/your-first-vimrc-should-be-nearly-empty/
" Original Author: Bram Moolenaar <Bram@vim.org>
" Made more minimal by: Ben Orenstein
" Last change: 2012 Jan 20
"
" To use it, copy it to
" for Unix and OS/2: ~/.vimrc
#!/usr/bin/env python
# Quick and dirty demonstration of CVE-2014-0160 by
# Jared Stafford (jspenguin@jspenguin.org)
# Modified so that it finds cookies
import sys
import struct
import socket
import time
import select
# layouts/application.html.erb
<head>
<title><%= yield_or_default(:title) -%></title>
<meta name="description" content="<%= yield_or_default(:meta_desc) -%>">
<meta name="keywords" content="<%= yield_or_default(:meta_keywords) -%>">
<meta name="robots" content="<%= yield_or_default(:robots) -%>">
<%= stylesheet_link_tag "application", media: "all", "data-turbolinks-track" => true %>
<%= javascript_include_tag "application", "data-turbolinks-track" => true %>
$ cat etc/environment
=> PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games"
$ cat root/.bashrc
streams =>
# ~/.bashrc: executed by bash(1) for non-login shells.
# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
# for examples
# If not running interactively, don't do anything
<!-- Insert this script where you want a gist such as this -->
<script src="https://gist.github.com/AirDisa/8124295.js"></script>
=Navigating=
visit('/projects')
visit(post_comments_path(post))
=Clicking links and buttons=
click_link('id-of-link')
click_link('Link Text')
click_button('Save')
click('Link Text') # Click either a link or a button
click('Button Value')
This post outlines three common web security vulnerabilities with specific examples in Rails. For a more complete list, I highly recommend the OWASP Rails security cheatsheet.
A cross-site scripting attack is when malicious scripts are injected into a web site in order to compromise it.
For example, let's say we want to allow HTML tags such as <strong> in our blog comments, so we render raw output using the Rails method #html_safe: