Skip to content

Instantly share code, notes, and snippets.


Drew Goodwin tacomanator

View GitHub Profile

Keybase proof

I hereby claim:

  • I am tacomanator on github.
  • I am tacomanator ( on keybase.
  • I have a public key ASASnu6rU-Cg3GWbxPl9448xzIuDnaSd_BKQq1kuh289pAo

To claim this, I am signing this object:

View blockstack
View jquery.replaceClasses.js
// Removes all classes beginning with prefix, and replaces them
// with a prefix+suffix class. For example:
// $('#blah').addClass('foobaz');
// $('#blah').replaceClasses('foo', 'baz');
jQuery.fn.replaceClasses = function(prefix, suffix) {
var re = new RegExp('^' + prefix);
return this.each(function() {
var classes = this.className.split(/\s+/);
var newClasses = [];
var i = classes.length;
tacomanator / gist:3127271
Created Jul 17, 2012
Firefox 3D view helps spot application vulnerabilities
View gist:3127271

Firefox 3D view helps spot application vulnerabilities

A colleague and I were checking out the 3D view now built into Firefox. What a nifty way to visualize the page structure! Well, it turns out it also helped us discover a vulnerability in our web app. In particular, a bit of untrusted user input that we forgot to encode before outputting. Read on to find out how.

Why this is important

Care must be taken to encode all untrusted input before displaying it back to the user. Attackers can take advantage of unencoded output to embed malicious tags and run arbitrary scripts on another users' computer. While this is less of a risk when data is not shared among multiple users, one should still carefully encode output.

How 3D view helps

tacomanator / .autotest
Created May 12, 2012
Autotest runner for use with Minitest/Spork/Growl/fsevent. Starts Spork if it's not already running.
View .autotest
require 'socket'
require 'timeout'
def is_port_open?(ip, port)
Timeout::timeout(1) do
s =, port)
return false