Skip to content

Instantly share code, notes, and snippets.


Mathias Bynens mathiasbynens

View GitHub Profile
mathiasbynens / escape.js
Created Jun 26, 2019
Escaping JSON-stringified data for use as a JavaScript string literal
View escape.js
// This object contains a string value that in contains a single quote,
// a double quote, a backtick, and a backslash.
const data = { foo: `a'b"c\`d\\e` };
// Turn the data into its JSON-stringified form.
const json = JSON.stringify(data);
// Now, we want to insert the data into a script body as a JavaScript
// string literal per,
// escaping special characters like `"` in the data.
View output.txt
└ IP:
└ IP:
└ IP:
└ IP:
└ IP:
mathiasbynens / .gitignore
Last active Sep 26, 2021
Unicode version diff for ECMAScript
View .gitignore
View find-new-Lo-code-points.js
const compare = (versionA, versionB) => {
// TODO: Does there exist a path for which every single Unicode version
// gets new entries? If so, use that instead.
const path = 'General_Category/Other_Letter';
const before = new Set(require(
`unicode-${ versionA }/${ path }/code-points.js`
const after = require(
`unicode-${ versionB }/${ path }/code-points.js`
#!/usr/bin/env bash
curl -#s "${url}" | \
base64 --decode | \
sed '/^ *\/\// d' | \
sed '/^\s*$/d' > hsts.json;
mathiasbynens / bf.js
Created Jul 17, 2015
How many hex-formatted Unicode code points can be mistaken for a number in scientific notation? Which ones are those?
View bf.js
'use strict';
const pad = function(string) {
const totalCharacters = 4;
return string.length < totalCharacters ?
(Array(totalCharacters + 1).join('0') + string).slice(-totalCharacters) :
const UNICODE_MIN = 0x0;
mathiasbynens /
Last active Nov 10, 2020
Superfish certificate
View output.txt

Someone tried to exploit the Shellshock vulnerability in Bash on, likely as part of a mass-exploit attempt.

In this case, the exploit attempted to download a modified version of @schierlm’s pseudo-terminal Perl script that would connect to on port 23. The download URL contains the targeted host name (? which gives the attacker an indication of which hosts might have the /tmp/ backdoor in place.