Skip to content

Instantly share code, notes, and snippets.

View eligrey's full-sized avatar
:octocat:

Eli Grey eligrey

:octocat:
View GitHub Profile
@eligrey
eligrey / persist-text-input.user.js
Last active December 4, 2024 00:24
Persist text input userscript
// ==UserScript==
// @name Persist text input
// @description Persists input in text fields between navigations
// @author Eli Grey, The Chromium Authors
// @namespace https://eligrey.com
// @version 1.0.0
// @match *://*/*
// @grant none
// @run-at document-end
// @charset UTF-8
@eligrey
eligrey / matchCSPEntry.ts
Created May 7, 2024 19:47
matchCSPEntry screenshot
/**
* Determine if a URL matches a CSP entry data flow, using native browser CSP
* capabilities.
*
* @param cspEntry - CSP entry data flow string
* @param url - A URL to check
* @returns True if the URL matches the data flow, otherwise false
*/
export const matchCSPEntry = (cspEntry: string, url: URL): Promise<boolean> =>
new Promise((resolve) => {
@eligrey
eligrey / plagiarists.md
Last active October 6, 2024 07:09
Google employees known for plagiarism
@eligrey
eligrey / airgap.js-optimized-url-parser-screenshot.ts
Created April 19, 2024 05:57
airgap.js optimized URL parser screenshot
/**
* Parses potentially stringifiable URL input into a URL instance and returns null if the input is
* an invalid URL or if the input is a data URI, as processing those uses significant resources and we
* don't need to regulate them anyway.
*
* Implemented with four tiers:
* 1. fastest: URL.parse()
* 2. second fastest: URLPattern validation + new URL()
* 3. fast for absolute URLs: DOM validation + new URL() for absolute URLs / try...catch new URL() for relative URLs
* 4. slowest: try...catch new URL()
@eligrey
eligrey / url-parse-polyfill.ts
Last active October 15, 2024 07:12
Fast URL.parse polyfill
/**
* Fast URL.parse() polyfill
* By Eli Grey, https://eligrey.com
*
* Copyright © 2024 Transcend Inc.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
@eligrey
eligrey / interventions.ts
Last active September 1, 2023 23:54
lock well-known built-in JS iterable prototypes
const freezeProp = <T = any>(
object: T,
property: string | symbol | number,
value = (object as any)[property],
): T =>
Object.defineProperty(object, property, {
value,
configurable: false,
writable: false,
enumerable: false,
@eligrey
eligrey / uri-validator.ts
Created September 25, 2021 19:50
URL validation utilities
/**
* Validate potentially relative URL
*
* @param input - URL to validate
* @returns true if URL is valid and doesn't need additional encoding
*/
const isValidURL = (input: string): boolean => {
try {
const { href, pathname, host, origin } = new globalThis.URL(
input,
@eligrey
eligrey / example.ts
Last active April 12, 2022 05:10
Simple language matcher
import { matchLanguages, getNearestSupportedLanguage } from './match-languages';
const supportedLanguages = ['en-GB', 'fr'];
console.log('navigator.languages: ', navigator.languages);
const matches = matchLanguages(navigator.languages, supportedLanguages);
console.log('preferred language matches:', matches);
const nearest = getNearestSupportedLanguage(matches, supportedLanguages);
console.log('nearest matching supported language:', nearest);
@eligrey
eligrey / host-validator.ts
Last active March 21, 2023 23:02
URL host validation utility
/**
* Validate URL host
*
* This supports domain names, IDN domain names, IPv4, and IPv6 addresses.
*
* Intentional spec incompatibilities:
* - Blank hosts ('') and blank FQDN hosts ('.') are considered invalid.
*
* @param host - Host to validate
* @returns true if host is valid and doesn't need additional encoding
@eligrey
eligrey / challenge.js
Last active February 15, 2021 00:53
Secure user-initiated click isTrusted attestation challenge — https://go.eligrey.com/t/event-isTrusted-challenge
// @ts-nocheck
//
// User-initiated click isTrusted attestation challenge:
//
// Secure this 'click' event listener from synthetic clicks
// while working in a prototype pollution superfund site.
//
// addEventListener() has been been backdoored.
//