Frederik Braun mozfreddyb

@mozfreddyb
mozfreddyb / random_string.js
Created April 15, 2016 09:32
generate random strings, e.g., for passwords
/*
in one line for bookmarklets:
javascript:!function(){"use strict";function r(){var r=new Uint8Array(n);window.crypto.getRandomValues(r);var r=Array.apply([],r);return r=r.filter(function(r){return r>32&&127>r}),String.fromCharCode.apply(String,r)}for(var n=50,t=20,a=r();a.length<t;)a+=r();prompt("",a)}();
*/
(function() {
"use strict";
var MAXLEN=50; /* tweak this */
var MINLEN=20;
function genString() {
@mozfreddyb
mozfreddyb / vimdiff.md
Last active December 13, 2022 11:57 — forked from mattratleph/vimdiff.md
vimdiff cheat sheet

vimdiff cheat sheet

git mergetool

In the middle file (future merged file), you can navigate between conflicts with ]c and [c.

Choose which version you want to keep with :diffget //2 or :diffget //3 (the //2 and //3 are unique identifiers for the target/master copy and the merge/branch copy file names).

:diffupdate (to remove leftover spacing issues)

:only (once you’re done reviewing all conflicts, this shows only the middle/merged file)

@mozfreddyb
mozfreddyb / add-ca-cert.js
Created July 10, 2017 12:09
privileged JS for Firefox to add a certificate as a trusted CA
if (typeof Cc == "undefined") { Cc = Components.classes; }
if (typeof Cu == "undefined") { Cu = Components.utils; }
if (typeof Ci == "undefined") { Ci = Components.interfaces; }
const nsX509CertDB = "@mozilla.org/security/x509certdb;1";
const nsIX509Cert = Ci.nsIX509Cert;
const nsIX509CertDB = Ci.nsIX509CertDB;
const certdb = Cc[nsX509CertDB].getService(nsIX509CertDB);
let certstring = `-----BEGIN CERTIFICATE-----
@mozfreddyb
mozfreddyb / foo.js
Last active February 22, 2021 12:37
turn searchfox results object into audit spreadsheet
/* This script can be run on a searchfox.org results page as it is.
* the results.normal from line 9 is already in global scope and can be iterated as it is
* Note that this "results.normal" does /not/ include occurrences in tests or generated code.
* Use other properties of the "results" object instead, if you need these.
*/
// objkey is something like "Uses (searchterm)"
objkey = Object.keys(results.normal)[0];
occs = results.normal[objkey];
t = [];
@mozfreddyb
mozfreddyb / csmlogparser.py
Last active January 27, 2021 14:44
parse entries from MOZ_LOG CSMLog entries
#!/usr/bin/env python3
import yaml
import sys
from functools import reduce
def lines_into_blocks():
consume_into_block = False
block = []
@mozfreddyb
mozfreddyb / principals-reference.md
Last active August 3, 2020 11:29
reference sheet for principals in mozilla code

Reference Sheet for Principals in Mozilla Code

Note: This is the "reference sheet" version. The details and the big picture are covered in Understanding Web Security Checks in Firefox (Part 1).

Principals as a level of privilege

A security context is always using one of these four kinds of Principals:

  • ContentPrincipal: This principal is used for typical web pages and can be serialized to an origin URL, e.g., https://example.com/
  • NullPrincipal: Some pages are never same-origin with anything else. E.g., <iframe sandbox> or documents loaded with a data: URI. The standard calls this an opaque origin.
  • SystemPrincipal: The SystemPrincipal is used for the browser's user interface, commonly referred to as "browser chrome". Pages like about:preferences use the SystemPrincipal.
@mozfreddyb
mozfreddyb / innerhtml-hook.js
Last active November 6, 2019 08:55
inspect assignments to innerHTML
/* inject via
ppmm.loadFrameScript("data:,<js source>", true);
(where ppmm is the message manager, e.g. in shell.js)
framescript documentation explains why this works[1] and
the message manager docs[2] explain that the parent process
manager defined as ppmm in shell.js[3] can be used.
[1] https://developer.mozilla.org/en-US/Firefox/Multiprocess_Firefox/Frame_script_loading_and_lifetime
@mozfreddyb
mozfreddyb / weekly_release.py
Created August 14, 2019 14:02 — forked from alicegoldfuss/weekly_release.py
Weekly Release Script
#!/usr/local/bin/python3
import requests
import json
from twilio.rest import Client
HEADERS = {'Accept': 'application/vnd.github.inertia-preview+json'}
GH_TOKEN = "XXX" # Your auth token from https://github.com/settings/tokens
TW_SID = "XXX" # Your Account SID from twilio.com/console
TW_TOKEN = "XXX" # Your Auth Token from twilio.com/console
@mozfreddyb
mozfreddyb / log.txt
Created December 10, 2018 08:36
content security data for top level load of about:addons (plus some extra in between
[Parent 10611: Main Thread]: D/CSMLog doContentSecurityCheck {
[Parent 10611: Main Thread]: D/CSMLog channelURI: about:addons
[Parent 10611: Main Thread]: D/CSMLog loadingPrincipal: nullptr
[Parent 10611: Main Thread]: D/CSMLog triggeringPrincipal: SystemPrincipal
[Parent 10611: Main Thread]: D/CSMLog principalToInherit: NullPrincipal
[Parent 10611: Main Thread]: D/CSMLog RedirectChain:
[Parent 10611: Main Thread]: D/CSMLog internalContentPolicyType: 6
[Parent 10611: Main Thread]: D/CSMLog externalContentPolicyType: 6
[Parent 10611: Main Thread]: D/CSMLog upgradeInsecureRequests: false
@mozfreddyb
mozfreddyb / log.txt
Created December 10, 2018 08:34
content security data for a top level about:blank load
[Child 10890: Main Thread]: D/CSMLog doContentSecurityCheck {
[Child 10890: Main Thread]: D/CSMLog channelURI: about:blank
[Child 10890: Main Thread]: D/CSMLog loadingPrincipal: nullptr
[Child 10890: Main Thread]: D/CSMLog triggeringPrincipal: SystemPrincipal
[Child 10890: Main Thread]: D/CSMLog principalToInherit: NullPrincipal
[Child 10890: Main Thread]: D/CSMLog RedirectChain:
[Child 10890: Main Thread]: D/CSMLog internalContentPolicyType: 6
[Child 10890: Main Thread]: D/CSMLog externalContentPolicyType: 6
[Child 10890: Main Thread]: D/CSMLog upgradeInsecureRequests: false
[Child 10890: Main Thread]: D/CSMLog initalSecurityChecksDone: false