<form onsubmit="return (this.username.value != '');">
<input name="username" type="text" />
</form>
@jvennix-r7
jvennix-r7 / gist:7572570
Created November 20, 2013 22:48
My public GPG key
@jvennix-r7
jvennix-r7 / gist:8151392
Last active January 1, 2016 13:29
Universal patch for rails RJS XSS issue (see http://homakov.blogspot.com/2013/11/rjs-leaking-vulnerability-in-multiple.html). The only downside here is that your app will break for users behind proxies that strip referers. Additionally, this patch will not work for you if you plan on serving cross-domain javascripts (e.g. for a hosted javascript…
# This patch adds a before_filter to all controllers that prevents xdomain
# .js requests from being rendered successfully.
module RemoteJavascriptRefererCheck
  extend ActiveSupport::Concern
  included do
    require 'uri'
    before_filter :check_rjs_referer, :if => ->(controller) { controller.request.format.js? }
  end
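
The body of `check_rjs_referer` is not shown in the preview above. The following is an added example, not the gist's code, of the same-origin Referer decision such a filter has to make, written in plain Ruby so it runs without Rails. The helper names, the `app.example.test` host and all sample Referer values are constructed for illustration.

```ruby
require 'uri'

# Hypothetical helper, not from the gist: [scheme, host, port] of an absolute
# http(s) URL, or nil when the value is missing, malformed or not http(s).
def origin_of(url)
  return nil if url.nil? || url.strip.empty?
  uri = URI.parse(url.strip)
  return nil if !uri.is_a?(URI::HTTP) || uri.host.to_s.empty?
  [uri.scheme.downcase, uri.host.downcase, uri.port]
rescue URI::InvalidURIError
  nil
end

# Render a .js response only when the Referer has the same origin as the
# request. A missing Referer is refused, which is the proxy downside the
# gist description mentions.
def allow_js_render?(request_url, referer)
  request_origin = origin_of(request_url)
  !request_origin.nil? && request_origin == origin_of(referer)
end

# Constructed sample Referer values for a request to REQUEST_URL.
REQUEST_URL = 'https://app.example.test/posts/1.js'
SAMPLE_REFERERS = {
  'same origin'           => 'https://app.example.test/posts',
  'explicit default port' => 'https://App.Example.Test:443/posts',
  'stripped by a proxy'   => nil,
  'other host'            => 'https://other.example.test/page',
  'host with same prefix' => 'https://app.example.test.other.example/page',
  'http instead of https' => 'http://app.example.test/posts',
  'other port'            => 'https://app.example.test:8443/posts',
  'malformed'             => 'https://app example test/',
  'not an http(s) URL'    => 'about:blank'
}.freeze

# Decision for every sample: true means render, false means refuse.
def sample_decisions
  SAMPLE_REFERERS.transform_values { |ref| allow_js_render?(REQUEST_URL, ref) }
end

if __FILE__ == $PROGRAM_NAME
  sample_decisions.each { |label, ok| puts format('%-22s %s', label, ok ? 'render' : 'refuse') }
end
```

Comparing parsed scheme, host and port rather than string prefixes is what keeps the `host with same prefix` case refused.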