tedpennings
/ gist:4483687
Last active
December 10, 2015 19:48
Two security primary concerns for JSON
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "user": | |
| { | |
| "name": "Johnny Walker", | |
| "occupation": "Distiller", | |
| "location": (function() { alert("XSS 1!"); return "somewhere"})(), | |
| "_location_comment": "Once parsed unsafely, the location XSS will run automatically, as a self-executing function. JSON.parse can help with this, and jQuery's $.parseJSON uses it by default (as do $.ajax, etc)", | |
| "bio": "<script type='text/javascript'>alert('XSS 2!');</script>", | |
| "_bio_comment": "This XSS will execute once it is added to the DOM, if not properly escaped before adding it. This is more of a persistent kind of XSS attack, typically from poor input validation on server side." | |
| } |
tedpennings
/ gist:1435060
Created
December 5, 2011 19:52
When people call Java a noisy language, they are talking about the following
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| private boolean parameterListsConflict(Map<String, String> map1, | |
| Map<String, String> map2) { | |
| if (map1.equals(map2)) { | |
| return true; | |
| } | |
| if (map1.size() > map2.size()) { | |
| return largerMapContainsAllEntriesInSmallerMap(map1, map2); | |
| } else { | |
| return largerMapContainsAllEntriesInSmallerMap(map2, map1); | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (ns stm-demo | |
| (:import (java.util.concurrent TimeUnit Executors ScheduledExecutorService))) | |
| ;; concurrency basics | |
| (def scheduler (Executors/newScheduledThreadPool 3)) | |
| scheduler | |
| (class scheduler) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import java.io.BufferedReader; | |
| import java.io.File; | |
| import java.io.FileInputStream; | |
| import java.io.FileNotFoundException; | |
| import java.io.IOException; | |
| import java.io.InputStream; | |
| import java.io.InputStreamReader; | |
| import java.math.BigDecimal; | |
| import java.math.RoundingMode; | |
| import java.util.ArrayList; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (ns algorithms.hashtable) | |
| ; This is a programming assignment from my CS algorithms class. | |
| (defn create-table [size] | |
| (let [empty-table (hash-map)] | |
| (loop [current 0 | |
| table empty-table] | |
| (if (> size current) | |
| (recur (inc current) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (def certainty 5) | |
| (defn prime? [n] | |
| (if (= n 1) | |
| true | |
| (.isProbablePrime (BigInteger/valueOf n) certainty))) | |
| (take 10001 | |
| (filter prime? | |
| (take-nth 2 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (defn power-of? [power number] | |
| "Returns true if a number is a power of another number, eg, | |
| (power-of? 5 25) => true | |
| (power-of? 5 26) => false" | |
| (= | |
| (mod | |
| (/ | |
| (Math/log number) | |
| (Math/log power) ) | |
| 1 ) |
tedpennings
/ fail.jspx
Created
September 19, 2011 19:55
Whenever you have code that looks like this, you're doing it wrong. Your language has failed you.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <p>Modifying version ${dto.versionToExpire}. Currently, effective | |
| ${feature.featureVersions[dto.versionToExpire].effectiveRange.startDate} to | |
| ${feature.featureVersions[dto.versionToExpire].effectiveRange.endDate}</p> |
tedpennings
/ gist:1087981
Created
July 17, 2011 19:44
Render Handlebars templates from a server-side resource with caching to session storage
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * This decorates Handlebars.js with the ability to load | |
| * templates from an external source, with light caching. | |
| * | |
| * To render a template, pass a closure that will receive the | |
| * template as a function parameter, eg, | |
| * T.render('template-name', function(t) { | |
| * $('#somediv').html( t() ); | |
| * }); | |
| */ |
NewerOlder