Skip to content

Instantly share code, notes, and snippets.

Avatar

Mathias Bynens mathiasbynens

View GitHub Profile
@mathiasbynens
mathiasbynens / escape.js
Created Jun 26, 2019
Escaping JSON-stringified data for use as a JavaScript string literal
View escape.js
// This object contains a string value that in contains a single quote,
// a double quote, a backtick, and a backslash.
const data = { foo: `a'b"c\`d\\e` };
// Turn the data into its JSON-stringified form.
const json = JSON.stringify(data);
// Now, we want to insert the data into a script body as a JavaScript
// string literal per https://v8.dev/blog/cost-of-javascript-2019#json,
// escaping special characters like `"` in the data.
View output.txt
http://AI./
└ IP: 209.59.119.34
http://ARAB./
└ IP: 127.0.53.53
http://BH./
└ IP: 10.10.10.10
http://CM./
└ IP: 195.24.205.60
http://DK./
└ IP: 193.163.102.58
@mathiasbynens
mathiasbynens / .gitignore
Last active Mar 11, 2020
Unicode version diff for ECMAScript
View .gitignore
node_modules
package-lock.json
View find-new-Lo-code-points.js
const compare = (versionA, versionB) => {
// TODO: Does there exist a path for which every single Unicode version
// gets new entries? If so, use that instead.
const path = 'General_Category/Other_Letter';
const before = new Set(require(
`unicode-${ versionA }/${ path }/code-points.js`
));
const after = require(
`unicode-${ versionB }/${ path }/code-points.js`
);
View web-platform-status-links.md
View get-hsts-preload-list.sh
#!/usr/bin/env bash
# https://code.google.com/p/chromium/issues/detail?id=226801
url='https://chromium.googlesource.com/chromium/src/net/+/master/http/transport_security_state_static.json?format=TEXT';
curl -#s "${url}" | \
base64 --decode | \
sed '/^ *\/\// d' | \
sed '/^\s*$/d' > hsts.json;
@mathiasbynens
mathiasbynens / bf.js
Created Jul 17, 2015
How many hex-formatted Unicode code points can be mistaken for a number in scientific notation? Which ones are those? https://twitter.com/tabatkins/status/621440178087960576
View bf.js
'use strict';
const pad = function(string) {
const totalCharacters = 4;
return string.length < totalCharacters ?
(Array(totalCharacters + 1).join('0') + string).slice(-totalCharacters) :
string;
}
const UNICODE_MIN = 0x0;
@mathiasbynens
mathiasbynens / README.md
Last active Feb 5, 2020
Superfish certificate
View README.md
View output.txt
[\x80-\uD7FF\uDC00-\uFFFF]|[\uD800-\uDBFF][\uDC00-\uDFFF]|[\uD800-\uDBFF]
View README.md

Someone tried to exploit the Shellshock vulnerability in Bash on lodash.com, likely as part of a mass-exploit attempt.

In this case, the exploit attempted to download a modified version of @schierlm’s pseudo-terminal Perl script that would connect to 72.167.37.182 on port 23. The download URL contains the targeted host name (?h=lodash.com) which gives the attacker an indication of which hosts might have the /tmp/a.pl backdoor in place.

You can’t perform that action at this time.