jvennix-r7 / gist:8151392
Last active Jan 1, 2016
Universal patch for rails RJS XSS issue (see http://homakov.blogspot.com/2013/11/rjs-leaking-vulnerability-in-multiple.html). The only downside here is that your app will break for users behind proxies that strip referers. Additionally, this patch will not work for you if you plan on serving cross-domain javascripts (e.g. for a hosted javascript…
# This patch adds a before_filter to all controllers that prevents xdomain
# .js requests from being rendered successfully.
require 'uri'

module RemoteJavascriptRefererCheck
  extend ActiveSupport::Concern

  included do
    # Only .js (RJS) requests are checked; check_rjs_referer rejects the request
    # when the Referer is missing or does not name this app's own host.
    before_filter :check_rjs_referer, :if => ->(controller) { controller.request.format.js? }
  end
end
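The check that the gist's before_filter delegates to, written here as an added standalone Ruby model rather than the gist's own code (it runs without Rails; the request hashes, host names and the `rjs_referer_allowed?`/`filter_results` helpers are constructed for illustration):

```ruby
require 'uri'

# Returns true when a .js response may be rendered: the Referer must be
# present, parseable, and name the same host as the request itself.
def rjs_referer_allowed?(request_host, referer)
  # A missing Referer is rejected. This is what breaks users behind proxies
  # that strip the header, but a cross-site <script src="..."> load of the
  # .js endpoint sends no matching Referer either, so it is rejected too.
  return false if referer.nil? || referer.strip.empty?
  uri = URI.parse(referer)
  return false unless %w[http https].include?(uri.scheme)
  # Compare hosts only (Rails' request.host carries no port), and exactly:
  # "app.example.evil.example" or "app.example@evil.example" must not pass.
  uri.host.to_s.downcase == request_host.downcase
rescue URI::InvalidURIError
  false
end

# Mirrors `before_filter :check_rjs_referer, :if => format.js?`: returns the
# HTTP status to halt with, or nil to let the action run. `request` is a
# constructed hash standing in for ActionDispatch::Request.
def check_rjs_referer(request)
  return nil unless request[:format] == :js
  rjs_referer_allowed?(request[:host], request[:headers]['Referer']) ? nil : 403
end

# Constructed sample requests (not captured traffic).
SAMPLE_REQUESTS = [
  { host: 'app.example', format: :js,   headers: { 'Referer' => 'https://app.example/users/1' } },
  { host: 'app.example', format: :js,   headers: { 'Referer' => 'https://evil.example/' } },
  { host: 'app.example', format: :js,   headers: {} },                # referer stripped by a proxy
  { host: 'app.example', format: :js,   headers: { 'Referer' => 'https://app.example.evil.example/' } },
  { host: 'app.example', format: :html, headers: {} },                # not .js, filter does not run
]

def filter_results(requests = SAMPLE_REQUESTS)
  requests.map { |r| check_rjs_referer(r) }
end

if __FILE__ == $0
  p filter_results # => [nil, 403, 403, 403, nil]
end
```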
jvennix-r7 / gist:7572570
Created Nov 20, 2013
My public GPG key
jvennix-r7 / gist:7015084
<form onsubmit="return (this.username.value != '');">
  <input name="username" type="text" />
</form>