Skip to content

Instantly share code, notes, and snippets.

Avatar
:octocat:

Eli Grey eligrey

:octocat:
View GitHub Profile
@eligrey
eligrey / node.isConnected-polyfill.js
Last active Feb 4, 2020
Node.isConnected polyfill for IE and EdgeHTML
View node.isConnected-polyfill.js
/*
* Node.isConnected polyfill for IE and EdgeHTML
* 2020-02-04
*
* By Eli Grey, https://eligrey.com
* Public domain.
* NO WARRANTY EXPRESSED OR IMPLIED. USE AT YOUR OWN RISK.
*/
if (!('isConnected' in Node.prototype)) {
@eligrey
eligrey / bypass-csp.js
Last active Nov 26, 2019
Universal CSP bypass exfiltration tool
View bypass-csp.js
// update: this was over-engineered
// just navigate to an HTTP 204 redirect to exfiltrate data
View filename from path regexes.js
const pathFileNameMatcher = /\/?(?<fileName>[^/]+(?<fileExtension>\.[^/.]*)?)\/*$/;
const pathFilePrefixMatcher = /\/?(?<filePrefix>[^/]+)(?<fileExtension>\.[^/.]*)?\/*$/;
'test/foo/|foo|.test.enc/'.match(pathFilePrefixMatcher).groups.filePrefix == '|foo|.test'
const matches = new URL('https://your-url-here/example.txt').pathname.match(pathFileNameMatcher);
const fileName =
(matches && matches.groups && matches.groups.fileName) || 'file';
@eligrey
eligrey / spreadify.once.js
Last active Jul 31, 2019
spreadify: add a universal iterator to any array-like object
View spreadify.once.js
/** Alternative spreadify implementation with `...spreadify.once` */
const spreadify = {
/** Always spread */
*[Symbol.iterator](): any {
delete this[Symbol.iterator];
yield* this.once[Symbol.iterator].call(this);
this[Symbol.iterator] = this.once[Symbol.iterator];
},
once: {
/** Spread once */
@eligrey
eligrey / hash.ts
Last active Oct 2, 2020
Simple cryptographic hashing function for ArrayBuffers in browsers
View hash.ts
/**
* Get the cryptographic hash of an ArrayBuffer
*
* @param ab - ArrayBuffer to digest
* @param algorithm - Cryptographic hash digest algorithm
* @returns Hexadecimal hash digest string
*/
export const hash = async (
algorithm: string,
ab: ArrayBuffer,
@eligrey
eligrey / github-repo-exists.js.md
Last active Feb 24, 2019
GitHub private repository existence disclosure timing attack
View github-repo-exists.js.md

eli submitted a report to GitHub.

Oct 1st

Description:

The X-Runtime-rack header leaks enough timing data to detect the existence of private repositories.

Steps To Reproduce:

@eligrey
eligrey / LICENSE.md
Last active Jan 13, 2018
Universal unsaved changes detector for tab close confirmation. No setup necessary!
View LICENSE.md

This is free and unencumbered software released into the public domain.

Anyone is free to copy, modify, publish, use, compile, sell, or distribute this software, either in source code form or as a compiled binary, for any purpose, commercial or non-commercial, and by any means.

In jurisdictions that recognize copyright laws, the author or authors of this software dedicate any and all copyright interest in the software to the public domain. We make this dedication for the benefit

@eligrey
eligrey / LICENSE.md
Last active Mar 21, 2019
💬 Display an indicator favicon while there are any modified input fields. Try it out on https://eligrey.com
View LICENSE.md

This is free and unencumbered software released into the public domain.

Anyone is free to copy, modify, publish, use, compile, sell, or distribute this software, either in source code form or as a compiled binary, for any purpose, commercial or non-commercial, and by any means.

In jurisdictions that recognize copyright laws, the author or authors of this software dedicate any and all copyright interest in the software to the public domain. We make this dedication for the benefit

View keybase.md

Keybase proof

I hereby claim:

  • I am eligrey on github.
  • I am eligrey (https://keybase.io/eligrey) on keybase.
  • I have a public key whose fingerprint is EE63 3C20 BC4A 88A7 165C 917A 9022 A5E1 114E C7A3

To claim this, I am signing this object:

@eligrey
eligrey / document-body.js
Last active Jun 11, 2016
Workaround for Mozilla bug #1276438 in Firefox
View document-body.js
// Workaround for Mozilla bug #1276438 in Firefox
// See https://bugzilla.mozilla.org/show_bug.cgi?id=1276438
if (!Object.getOwnPropertyDescriptor(Document.prototype, "body"))
Object.defineProperty(Document.prototype, "body", {
enumerable: true
, configurable: true
, get() {
return this.evaluate(
"/*[local-name()='html'][namespace-uri()='http://www.w3.org/1999/xhtml']"
+ "/*[local-name()='body'][namespace-uri()='http://www.w3.org/1999/xhtml']"
You can’t perform that action at this time.