Kurniawan Kurniawan kkurni

@kkurni
kkurni / kk-example-angularjs-cors
Last active September 25, 2018 18:13
CORS Demo with Angular JS
var AngularJSApp = angular.module("AngularJSApp", ["ngResource", "ngSanitize"])
.config(function ($routeProvider, $httpProvider) {
$routeProvider.
when('/', { controller: NavigationCtrl, templateUrl: 'navigation.html' }).
when('/feedback', { controller: FeedbackCtrl, templateUrl: 'feedback.html' }).
otherwise({ redirectTo: '/' });
$httpProvider.defaults.withCredentials = true;
delete $httpProvider.defaults.headers.common["X-Requested-With"];
@kkurni
kkurni / xss-attack-double-open-brackets.html
Created October 18, 2013 04:28
Example of double open angle bracket XSS attacks
//Double open angle brackets
//Using an open angle bracket at the end of the vector instead of a close angle bracket causes different behavior in Netscape Gecko rendering. Without it, Firefox will work but Netscape won't:
<iframe src=http://ha.ckers.org/scriptlet.html <
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Reflection;
using Microsoft.CSharp.RuntimeBinder;
using System.Runtime.CompilerServices;
namespace ConsoleApplication2
{
class Program
@kkurni
kkurni / GetSchemaMockup.cs
Last active January 26, 2016 06:52
GetSchemaMockup
using System;
using System.Collections.Generic;
using System.Collections.ObjectModel;
namespace SchemaMockup.Console
{
using System.Data.Common;
using System.Data.SqlClient;
using PostgreClient;
using System;
using System.Data;
using System.Data.SqlClient;
public class Program
{
public static void Main()
{
Console.WriteLine("Run");
TestConnectionString("your connection string");
@kkurni
kkurni / DynamicModel
Last active January 1, 2016 23:09
This is a dynamic custom model which is useful for creating an object graph where you want your object to be very flexible, such as in Razor template use cases
public class DynamicModel : DynamicObject
{
private readonly bool _isStrictGet;
public IDictionary<string, object> _dict;
public DynamicModel(string objectName = null, IDictionary<string, object> dict = null, bool isStrictGet = false)
{
ObjectName = objectName;
_dict = dict ?? new Dictionary<string, object>();
_isStrictGet = isStrictGet;
@kkurni
kkurni / DynamicModelMapper
Last active January 1, 2016 19:48
The Dynamic Model mapper converts a dictionary<string,string> into a proper object; it is very useful for a Razor engine. For example, you can define Model.Parent.Child as a key and parse it to your favourite Razor engine
public DynamicModel Convert(Dictionary<string, string> dictionary, bool isStrictGet)
{
var customDynamicObject = new DynamicModel(isStrictGet: isStrictGet);
foreach (var key in dictionary.Keys)
{
AddValueToExpandoRecursive(customDynamicObject, key, dictionary[key], isStrictGet);
}
return customDynamicObject;
@kkurni
kkurni / AntiXSSValidator.cs
Last active December 25, 2015 20:39
AntiXSS validator for a public API. It allows special characters but blocks XSS attacks: it allows < ; | () but blocks any attack from this list: https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
using Microsoft.VisualStudio.TestTools.UnitTesting;
using SEEK.Employment.Profile.API.Validation;
public class AntiXssValidator : IAntiXssValidator
{
public static string[] XSSTagStringsForDoubleOpening = {"iframe",
"script",
"style",
"input"
@kkurni
kkurni / angular.placeholder.js
Last active December 25, 2015 18:09
Angular placeholder for IE8/9 support that is compatible with validation attributes (e.g. required)
MyApp.directive('placeholder', function($timeout) {
return {
restrict: 'A',
require: 'ngModel',
link: function(scope, element, attr, ctrl) {
//check whether it support placeholder and cache it
scope.supportsPlaceholders = scope.supportsPlaceholders || function() {
return "placeholder" in document.createElement("input");
};
* {
padding: 0;
margin: 0;
}
body {
font-size: 14px;
font-family: Georgia, "Bitstream Charter", serif;
color: #333333;
text-align: center;