Aaron Patterson tenderlove
-
GitHub
- Seattle
- Sign in to view email
- http://tenderlovemaking.com/
tenderlove
/ 5-2-js-helper-xss.patch
Created Mar 19, 2020
View 5-2-js-helper-xss.patch
| From b5aeef5703dab7da9ebb47cc20e4c8b64f7f5866 Mon Sep 17 00:00:00 2001 | |
| From: Aaron Patterson <aaron.patterson@gmail.com> | |
| Date: Thu, 12 Mar 2020 10:25:48 -0700 | |
| Subject: [PATCH] Fix possible XSS vector in JS escape helper | |
| This commit escapes dollar signs and backticks to prevent JS XSS issues | |
| when using the `j` or `javascript_escape` helper | |
| CVE-2020-5267 | |
| --- |
tenderlove
/ render_benchmark.rb
Created Feb 27, 2020
View render_benchmark.rb
| # frozen_string_literal: true | |
| require "active_record" | |
| require "active_record/railties/collection_cache_association_loading" | |
| require "action_controller" | |
| require "action_view" | |
| require "tmpdir" | |
| require "benchmark/ips" | |
| ActionView::PartialRenderer.prepend(ActiveRecord::Railties::CollectionCacheAssociationLoading) |
tenderlove
/ linear_fit.rb
Created Feb 24, 2020
View linear_fit.rb
| # An example of calculating least-squares linear fit | |
| class LinearFit < Struct.new :m, :b, :r | |
| def inspect | |
| "y = #{m.round(2)} x + #{b.round(2)}\n" + | |
| "r = #{r.round(2)}" | |
| end | |
| def self.from_points points | |
| # Calculate Mean |
tenderlove
/ _thing.html.erb
Last active Feb 21, 2020
View _thing.html.erb
| #!/usr/bin/erb | |
| <%= yield %> | |
| #!/usr/bin/env ruby | |
| # frozen_string_literal: true | |
| require "action_controller" | |
| require "action_view" |
tenderlove
/ yamaha-receiver.rb
Last active Aug 16, 2019
View yamaha-receiver.rb
| # Watch Yamaha AV receivers for events | |
| # | |
| # This script watches a Yamaha AV receiver for changes in state. | |
| # It also implements two functions for changing the volume which is a fun | |
| # way to "help" unsuspecting users. | |
| # | |
| # Protocol is here: https://www.sdu.se/pub/yamaha/yamaha-ynca-receivers-protocol.pdf | |
| require "socket" | |
| require "io/wait" |
tenderlove
/ conflict.txt
Created Aug 5, 2019
View conflict.txt
| [aaron@TC ~/git]$ ruby -rminitest/autorun -e' ' | |
| Traceback (most recent call last): | |
| 9: from /Users/aaron/.rbenv/versions/ruby-trunk/lib/ruby/gems/2.7.0/gems/minitest-5.11.3/lib/minitest.rb:63:in `block in autorun' | |
| 8: from /Users/aaron/.rbenv/versions/ruby-trunk/lib/ruby/gems/2.7.0/gems/minitest-5.11.3/lib/minitest.rb:121:in `run' | |
| 7: from /Users/aaron/.rbenv/versions/ruby-trunk/lib/ruby/gems/2.7.0/gems/minitest-5.11.3/lib/minitest.rb:92:in `load_plugins' | |
| 6: from /Users/aaron/.rbenv/versions/ruby-trunk/lib/ruby/gems/2.7.0/gems/minitest-5.11.3/lib/minitest.rb:92:in `each' | |
| 5: from /Users/aaron/.rbenv/versions/ruby-trunk/lib/ruby/gems/2.7.0/gems/minitest-5.11.3/lib/minitest.rb:98:in `block in load_plugins' | |
| 4: from /Users/aaron/.rbenv/versions/ruby-trunk/lib/ruby/2.7.0/rubygems/core_ext/kernel_require.rb:54:in `require' | |
| 3: from /Users/aaron/.rbenv/versions/ruby-trunk/lib/ruby/2.7.0/rubygems/core_ext/kernel_require.rb:54:in `require' | |
| 2: from /Users/aaron/.rbenv/versions/ruby-trunk/lib/ruby/gems/2.7.0/gems/rai |
tenderlove
/ after_patch.csv
Created Jul 31, 2019
View after_patch.csv
| real | cstime | cutime | stime | utime | total | |
|---|---|---|---|---|---|---|
| 47.30989000003319 | 8.122842 | 37.494842999999996 | 0.005576000000000025 | 0.00012099999999998223 | 45.62338199999999 | |
| 49.633449999964796 | 9.02866 | 37.767471 | 0.0045399999999999885 | 0.00013900000000000023 | 46.800810000000006 | |
| 46.255383000010625 | 7.929361999999998 | 37.034392999999994 | 0.0045099999999999585 | 0.000124000000000013 | 44.968388999999995 | |
| 46.28654599993024 | 8.027361000000003 | 36.961467 | 0.004464999999999997 | 0.00012499999999998623 | 44.993418000000005 | |
| 45.782935000024736 | 8.010796999999997 | 36.488111 | 0.004514000000000018 | 0.00012700000000004374 | 44.503549 | |
| 48.835172999999486 | 8.771659 | 37.279645000000016 | 0.004508999999999985 | 0.00012700000000004374 | 46.055940000000014 | |
| 49.2580490000546 | 9.047513000000002 | 37.05552799999998 | 0.00464500000000001 | 0.00013699999999999823 | 46.10782299999998 | |
| 45.05590499995742 | 7.856316000000007 | 36.05048099999999 | 0.0061370000000000036 | 0.00015100000000001224 | 43.913084999999995 | |
| 45.321803999948315 | 7.876872999999989 | 36.332494 | 0.004386999999999974 | 0.00011899999999998023 | 44.21387299999998 |
tenderlove
/ heapviz.rb
Created Jul 26, 2019
View heapviz.rb
| require 'fiddle' | |
| color_iter = DATA.readlines.map(&:chomp).map { |i| | |
| i = i.to_i(16) | |
| [(i >> 16) & 0xFF, (i >> 8) & 0xFF, i & 0xFF, 255] | |
| }.each | |
| SIZEOF_HEAP_PAGE_HEADER_STRUCT = Fiddle::SIZEOF_VOIDP | |
| SIZEOF_RVALUE = 40 |
tenderlove
/ superduper.rb
Last active Jun 28, 2019
View superduper.rb
| require "ast" | |
| class Superduper | |
| class EnumerableAST | |
| include Enumerable | |
| def initialize ast | |
| @ast = ast | |
| end |
tenderlove
/ memory_stuff.rb
Created Jun 4, 2019
View memory_stuff.rb
| # How to measure the size of a method's iseq | |
| require 'objspace' | |
| small_body = (["bar"] * 10).join(" + ") | |
| big_body = (["bar"] * 10_000).join(" + ") | |
| eval "def small(bar); #{small_body}; end" | |
| eval "def big(bar); #{big_body}; end" |
NewerOlder