The following attack will display a "you've been signed out" page for Gmail and attempt to steal your account credentials.
DO NOT PUT ANY ACCOUNT CREDENTIALS INTO ANY TABS CREATED AFTER VISITING THESE LINKS :)
I received an email in my Gmail inbox with a fake attachment image, styled to look like the real Gmail attachment UI:
This linked to a page that ended up displaying a fake "you've been signed out" link, via the data:text/html... URL feature of Chrome:

#!/bin/bash
# run on source machine to build and then copy over
set -eo pipefail
main() {
  if [[ -z $SKIP_BUILD ]]; then
    grunt build
  fi

// takes a collection, a variable length list of fns, and a function
//
// for each item in the collection the list of fns that returns a value or values
// is called, with the output from the first function being threaded into the second.
//
// it won't blow the stack.
//
// e.g
//
// util.nestedLoops([ { items: [{ name: "bob"}, {name: "sue"}] } ], _.property("items"), _.property("name"), function(group, item, name) {

// read a list of strings which are enclosed in quotes. ignores whitespace (= anything outside quotes)
function readQuoted(s) {
  var i = 0;
  var quote = false;
  var strs = [];
  var str = "";
  var c;
  while(c = s[i++]) {
    if(quote) {

/**
 * if a directive has a need to collaborate with
 * an element up the tree, use this to make that
 * relationship explicit and testable
 *
 * ```html
 * <div named-element="someCtrl.someElement">
 * </div>
 * <some-crazy-component element="someCtrl.someElement">
 * </some-crazy-component>

function normaliseCoordinates(asObjects) {
  var dimensions = {
    x: [Infinity, -Infinity],
    y: [Infinity, -Infinity],
  }
  var axisToDeltas = {
    x: "width",
    y: "height",
  };

// put this into a cell and then name a range 'housePrice'
// each term is MIN(MAX(0, housePrice - bandStart), bandEnd - bandStart) * rate
=MIN(MAX(0,housePrice-125000),250000-125000)*0.02 + MIN(MAX(0,housePrice - 250000), 925000-250000) * 0.05 + MIN(MAX(0,housePrice - 925000), 1500000-925000) * 0.1

// create a doctype that includes definitions for all HTML entities - http://en.wikipedia.org/wiki/List_of_XML_and_HTML_character_entity_references
var doctype = '<?xml version="1.0" standalone="no"?>' +
  '<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd" [ '
  + HTML_ENTITIES() + ' ]>';
function HTML_ENTITIES() {
return '<!ENTITY quot """> <!ENTITY amp "&"> <!ENTITY apos "'"> <!ENTITY lt "<"> <!ENTITY gt ">"> <!ENTITY nbsp " "> <!ENTITY iexcl "¡"> <!ENTITY cent "¢"> <!ENTITY pound "£"> <!ENTITY curren "¤"> <!ENTITY yen "¥"> <!ENTITY brvbar "¦"> <!ENTITY sect "§"> <!ENTITY uml "¨"> <!ENTITY copy "©"> <!ENTITY ordf "ª"> <!ENTITY laquo "«"> <!ENTITY not "¬"> <!ENTITY shy "­"> <!ENTITY reg "®"> <!ENTITY macr "¯"> <!ENTITY deg "°"> <!ENTITY plusmn "±"> <!ENTITY sup2 "²"> <!ENTITY sup3 "³"> <!ENTITY acute "´"> <!ENT |