Skip to content

Instantly share code, notes, and snippets.

Mathias Bynens mathiasbynens

Block or report user

Report or block mathiasbynens

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@mathiasbynens
mathiasbynens / escape.js
Created Jun 26, 2019
Escaping JSON-stringified data for use as a JavaScript string literal
View escape.js
// This object contains a string value that in contains a single quote,
// a double quote, a backtick, and a backslash.
const data = { foo: `a'b"c\`d\\e` };
// Turn the data into its JSON-stringified form.
const json = JSON.stringify(data);
// Now, we want to insert the data into a script body as a JavaScript
// string literal per https://v8.dev/blog/cost-of-javascript-2019#json,
// escaping special characters like `"` in the data.
View output.txt
http://AI./
└ IP: 209.59.119.34
http://ARAB./
└ IP: 127.0.53.53
http://BH./
└ IP: 10.10.10.10
http://CM./
└ IP: 195.24.205.60
http://DK./
└ IP: 193.163.102.58
@mathiasbynens
mathiasbynens / .gitignore
Last active May 8, 2019
Unicode version diff for ECMAScript
View .gitignore
node_modules
package-lock.json
View find-new-Lo-code-points.js
const compare = (versionA, versionB) => {
// TODO: Does there exist a path for which every single Unicode version
// gets new entries? If so, use that instead.
const path = 'General_Category/Other_Letter';
const before = new Set(require(
`unicode-${ versionA }/${ path }/code-points.js`
));
const after = require(
`unicode-${ versionB }/${ path }/code-points.js`
);
View web-platform-status-links.md
View get-hsts-preload-list.sh
#!/usr/bin/env bash
# https://code.google.com/p/chromium/issues/detail?id=226801
url='https://chromium.googlesource.com/chromium/src/net/+/master/http/transport_security_state_static.json?format=TEXT';
curl -#s "${url}" | \
base64 --decode | \
sed '/^ *\/\// d' | \
sed '/^\s*$/d' > hsts.json;
@mathiasbynens
mathiasbynens / bf.js
Created Jul 17, 2015
How many hex-formatted Unicode code points can be mistaken for a number in scientific notation? Which ones are those? https://twitter.com/tabatkins/status/621440178087960576
View bf.js
'use strict';
const pad = function(string) {
const totalCharacters = 4;
return string.length < totalCharacters ?
(Array(totalCharacters + 1).join('0') + string).slice(-totalCharacters) :
string;
}
const UNICODE_MIN = 0x0;
@mathiasbynens
mathiasbynens / README.md
Last active May 26, 2019
Superfish certificate
View README.md
View output.txt
[\x80-\uD7FF\uDC00-\uFFFF]|[\uD800-\uDBFF][\uDC00-\uDFFF]|[\uD800-\uDBFF]
View README.md

Someone tried to exploit the Shellshock vulnerability in Bash on lodash.com, likely as part of a mass-exploit attempt.

In this case, the exploit attempted to download a modified version of @schierlm’s pseudo-terminal Perl script that would connect to 72.167.37.182 on port 23. The download URL contains the targeted host name (?h=lodash.com) which gives the attacker an indication of which hosts might have the /tmp/a.pl backdoor in place.

You can’t perform that action at this time.