Neil Matatall oreoshake

## canvas-exif-stripper.html
<input type="file" id="input"><br>
<img id="output">
<canvas id="canvas" style="display:none"></canvas>

<script>
  // from http://stackoverflow.com/questions/19032406/convert-html5-canvas-into-file-to-be-uploaded
  function uploadCanvas(dataURL) {
    var blobBin = atob(dataURL.split(',')[1]);
    var array = [];
    for(var i = 0; i < blobBin.length; i++) {

## iz_i_vulnerable.rb
require 'rubygems'
require 'octokit'
require 'bundler/audit/cli'
require 'bundler/audit/database'
require 'parallel'

Bundler::Audit::CLI.new.update

ORG = ARGV[0] || "github"

## ddd
ddd

## thoughts.md

      
              1 file
            
          
              0 forks
            
          
              1 comment
            
          
              0 stars
            
          
                oreoshake
                / thoughts.md
            
            
              Last active
              January 3, 2016 21:01
            
              
                Feedback for https://github.com/paragonie/csp-builder
              
          
    Credentials: I created the secure_headers library which essentially does the same thing. I also built the scala library in use at twitter today.
secure_headers used to have to_json/from_json functionality (pull request) but I removed it when I rewrote the library (for use at GitHub). This implementation would not be compatible with my implementation which was inspired by this proposal.
JSON structure

I think it would be better to collapse all directive source lists to a flat structure. i.e. instead of having sub elements for "allow" (an array), "self" (boolean), "unsafe-inline" (boolean), "unsafe-eval" (boolean), just have a directive accept an array containing those values. This model matches the spec more closely and in my experience just creates more confusion. While it does have the benefit of validation (against types like unsafe-inli

  
## keybase.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                oreoshake
                / keybase.md
            
            
              Created
              April 5, 2016 22:42
            
          
    Keybase proof

I hereby claim:

I am oreoshake on github.
I am oreoshake (https://keybase.io/oreoshake) on keybase.
I have a public key ASD4N6g__7GEtuosEF4aKnCo2xivSd0DBYPcuzSKD4HQbgo

To claim this, I am signing this object:

  
## paranoidmode.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                oreoshake
                / paranoidmode.md
            
            
              Last active
              April 23, 2016 17:37
            
              
                An idea for a terrible feature that dreams of becoming a reality (Maybe 5 sites on the internet would work, including GitHub)
              
          
No inline script
no eval
no mixed content
https required
no referrer leaks
no tabnabbing
no cross origin framing
no cross window/tab references
no unpinned certs
no non-Sri resources


## output
[Neils-MacBook-Pro rails (master *>)]$ rbenv rehash
[Neils-MacBook-Pro rails (master *>)]$ which rails
/Users/neil/.rbenv/shims/rails
[Neils-MacBook-Pro rails (master *>)]$ which gem
/Users/neil/.rbenv/shims/gem
[Neils-MacBook-Pro rails (master *>)]$ rails -v
Rails 4.2.6
[Neils-MacBook-Pro rails (master *>)]$ gem uninstall rails

Select gem to uninstall:

## chatops.rb
#!/usr/bin/env shell-ruby
#/ Usage: gh-bounty-writeup hackerone_issue_id github_username [issues_repo] [writeup_repo]
#/

require "bounty"

raise("HACKERONE_TOKEN must be set") unless ENV["HACKERONE_TOKEN"]
raise("HACKERONE_TOKEN_NAME must be set") unless ENV["HACKERONE_TOKEN_NAME"]

usage = File.read(__FILE__).lines[1][3..-1]

## gemnasium_support.rb
require 'octokit'
require 'parallel'

DEPENDENCY_FILES = %w(
  Gemfile
  Gemfile.lock
  package.json
  bower.json
  composer.json
  requirements.txt

## test.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                oreoshake
                / test.md
            
            
              Last active
              July 8, 2016 20:24
            
          
    asdffffff
	<input type="file" id="input"><br>
	<img id="output">
	<canvas id="canvas" style="display:none"></canvas>

	<script>
	// from http://stackoverflow.com/questions/19032406/convert-html5-canvas-into-file-to-be-uploaded
	function uploadCanvas(dataURL) {
	var blobBin = atob(dataURL.split(',')[1]);
	var array = [];
	for(var i = 0; i < blobBin.length; i++) {
	require 'rubygems'
	require 'octokit'
	require 'bundler/audit/cli'
	require 'bundler/audit/database'
	require 'parallel'

	Bundler::Audit::CLI.new.update

	ORG = ARGV[0] \|\| "github"
	[Neils-MacBook-Pro rails (master *>)]$ rbenv rehash
	[Neils-MacBook-Pro rails (master *>)]$ which rails
	/Users/neil/.rbenv/shims/rails
	[Neils-MacBook-Pro rails (master *>)]$ which gem
	/Users/neil/.rbenv/shims/gem
	[Neils-MacBook-Pro rails (master *>)]$ rails -v
	Rails 4.2.6
	[Neils-MacBook-Pro rails (master *>)]$ gem uninstall rails

	Select gem to uninstall:
	#!/usr/bin/env shell-ruby
	#/ Usage: gh-bounty-writeup hackerone_issue_id github_username [issues_repo] [writeup_repo]
	#/

	require "bounty"

	raise("HACKERONE_TOKEN must be set") unless ENV["HACKERONE_TOKEN"]
	raise("HACKERONE_TOKEN_NAME must be set") unless ENV["HACKERONE_TOKEN_NAME"]

	usage = File.read(__FILE__).lines[1][3..-1]
	require 'octokit'
	require 'parallel'

	DEPENDENCY_FILES = %w(
	Gemfile
	Gemfile.lock
	package.json
	bower.json
	composer.json
	requirements.txt